[tor-relays] Traffic in port 9050 in a relay (denial of service attack?)
jj tor
jjproyects at gmail.com
Mon Nov 4 20:41:34 UTC 2013
Hello all,
I've set up a tor exit relay (0.2.4.17-rc, debian testing) on a VPS, and
it's running well (about 20Gbs/day).
But a lot of traffic (about 50%!) is using port 9050 for incoming
connections. It's something more than random scans.
Because I am worried, I've run tcpdump on this port and the packets length
is about 50-60 bytes long. It seems like DOS or flood traffic: external ip
tries to connect and my server refuses (RST, ACK), each time.
My OR port is 9001, and, of course, SocksPort = 0 in my torrc.
Do you think something is wrong with my relay? Why that traffic if my only
tor port is 9001? Should I block that traffic using iptables?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20131104/5920cf63/attachment.html>
More information about the tor-relays
mailing list