Hi All
I have been running a Tor relay for about a year and according to my munin graph it normally receives, on average, just under 2,000 incoming TCP connections on port 443 every 5 minutes.
In the last few days that figure has increased to about 10,000 and spiked to about 19,000 incoming requests every 5 minutes.
First thought was DDoS but traffic is not high enough to cause any problems. I did some digging and in a 5 minute period received the following requests to the port Tor is listening on (number of requests and source IP address):
2722 SRC=107.167.22.79
1355 SRC=107.167.22.90
1334 SRC=104.37.244.131
1237 SRC=213.251.185.14
604 SRC=188.247.130.32
13 DST=178.200.216.58
7 SRC=92.63.110.232
6 SRC=5.196.8.208
6 SRC=200.76.82.231
6 DST=93.158.248.243
This is only the top 10 source IP addresses. I had a look and none of the top few seem to be Tor relays.
Just wondering if others are seeing a large number of requests from the above IP addresses or if it's just me. If it is just me then I can easily just block these IP addresses.
On Friday 06 February 2015 11:32:42 Hu Man wrote:
> First thought was DDoS but traffic is not high enough to cause any problems. I did some digging and in a 5 minute period received the following requests to the port Tor is listening on (number of requests and source IP address)
> [... removed IP addresses...]
> This is only the top 10 source IP addresses. I had a look and none of the top few seem to be Tor relays.
> Just wondering if others are seeing a large number of requests from the above IP addresses or if it's just me. If it is just me then I can easily just block these IP addresses.
As a responsible Tor relay operator, please don't snoop IP addresses and, more importantly, if you get to know IP addresses accessing your relay while operating your server, never post them on the internet.
Thanks for running a relay.
Regards,
torland
On 02/05/2015 11:32 PM, Hu Man wrote:
> I have been running a Tor relay for about a year and according to my munin graph it normally receives, on average, just under 2,000 incoming TCP connections on port 443 every 5 minutes.
/me assumes 443 is your ORPort?
> In the last few days that figure has increased to about 10,000 and spiked to about 19,000 incoming requests every 5 minutes.
> First thought was DDoS but traffic is not high enough to cause any problems.
And why is it not a DDoS?