[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)

Gordon Morehouse gordon at morehouse.me
Tue Nov 5 23:56:42 UTC 2013

On Tue, 5 Nov 2013 20:10:09 +0100, jj tor <jjproyects at gmail.com> wrote:

> Hello again,
> indeed, the port 9050 is closed, but not filtered. I've set up a drop rule
> in the VPS firewall( Parallels Plesk Panel) on this port, but it's not
> working fine.
> I am amazed by all the amount of this kind of traffic, more than 700
> packets/second. According to Kent Backman, this is the clickfraud net
> called "Rotpoi$on" (a lot of info at
> https://b.kentbackman.com/2013/04/15/rotpoion-botnet-powered-by-thousands-of
> -servers/)
> Maybe I'll be able to block all these incoming connections, but I'm afraid
> that overall relay performance will decrease drastically because all the
> filtering work...

iptables DROP is cheap.

-Gordon M.

More information about the tor-relays mailing list