[tor-relays] Changes in network traffic pattern
Hu Man
human at zagbot.com
Thu Feb 5 22:32:42 UTC 2015
Hi All
I have been running a tor relay for about a year and according to my munin
graph It normally receives, on average, just under 2,000 incoming tcp
connections on port 443 every 5 minutes.
In the last few days that figure has increased to about 10,000 and spiked
to about 19,000 incoming requests every 5 minutes.
First thought was DDOS but traffic is not high enough to cause any problems.
I did some digging and in a 5 minute period received the following requests
to the port tor is listening on (number of requests and source ip address)
2722 SRC=107.167.22.79
1355 SRC=107.167.22.90
1334 SRC=104.37.244.131
1237 SRC=213.251.185.14
604 SRC=188.247.130.32
13 DST=178.200.216.58
7 SRC=92.63.110.232
6 SRC=5.196.8.208
6 SRC=200.76.82.231
6 DST=93.158.248.243
This is only the top 10 source ip addresses. I had a look and none of the
top few seem to be tor relays.
Just wondering if others are seeing a large number of requests from the
above ip addresses or if it's just me. If it is just me then I can easily
just block these ip addresses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150206/8548e148/attachment.html>
More information about the tor-relays
mailing list