[tor-relays] What to do about port scans?

Steve Snyder swsnyder at snydernet.net
Wed Jul 31 18:48:05 UTC 2013

I wouldn't have thought that the Tor network was fast enough for port 
scanning, but apparently it is.  I have recently seen a rash of SSH port 
scanning (or so my ISP reports). What can/should I do about this?

I know I can limit the rate of connections using iptables.  What's the 
consensus on this?  Is this considered advisable, or a breach of 
expected exit node behavior?

Do I have any options other than iptables to restrict the rate of port 
22 connection attempts?


