[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

Paritesh Boyeyoko parity.boy at gmail.com
Tue Nov 5 17:42:42 UTC 2013

@jj tor

The fact that your relay is refusing connections says that the port isn't 
open, which is a good thing.

I suspect that persons unknown have port scanned your VPS, realised that you 
have Tor running (on standard ports) and is speculatively using a bot to 
(hopefully) connect to the SOCKS interface.

I would 

a) move the Tor relay to non-standard ports
b) use iptables to drop all incoming connections apart from the (new) Tor 
ports and shell access.

parity.boy at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20131105/8aa14a79/attachment-0001.html>

More information about the tor-relays mailing list