[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

jj tor jjproyects at gmail.com
Mon Nov 4 20:41:34 UTC 2013

Hello all,

I've set up a tor exit relay (, debian testing) on a VPS, and
it's running well (about 20Gbs/day).

But a lot of traffic (about 50%!) is using port 9050 for incoming
connections. It's something more than random scans.

Because I am worried, I've run tcpdump on this port and the packets length
is about 50-60 bytes long. It seems like DOS or flood traffic: external ip
tries to connect and my server refuses (RST, ACK), each time.

My OR port is 9001, and, of course, SocksPort = 0 in my torrc.

Do you think something is wrong with my relay? Why that traffic if my only
tor port is 9001? Should I block that traffic using iptables?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20131104/5920cf63/attachment.html>

More information about the tor-relays mailing list