[tor-relays] Rapid multiple connections from same relay or client on data port

Tora Tora Tora tor at allthatnet.com
Fri Apr 4 21:09:37 UTC 2014


I am running a latest 0.2.5.3-alpha Tor build. This time I am observing
multiple connections within one minute established on a data port from
the same address (not sure if client or relay). The latest flood of
connections comes from One World Labs who claim to be a computer
security company that also searches for leaked/stolen company
information in the "dark Internet" or something along those lines.

It seems to me that, since the circuits are connected randomly, the
likelihood of the same relay having multiple connections to my single
relay within such a short period of time is low. I think someone already
pointed out earlier that some clients used to start a number of circuits
before they needed them. I guess if such "broken" client chooses my
relay as an entry point, I can imagine they might start many circuits
fast. But then 0.2.5.3 release notes claimed improvements in DOS protection.

>From a practical point, is there a rule at what point I should consider
rapid multiple connections from the same address to my relay's
directory/data port a DOS attack and take some measures?


More information about the tor-relays mailing list