
Re: [tor-relays] attack on my Finland exit/backup directory [9B31F1F1C1554F9FFB3455911F82E818EF7C7883]



Hi,

> On 28 Aug 2019, at 14:34, potlatch <potlatch@xxxxxxxxxxxxxx> wrote:
> 
> I still haven't been able to rid myself of the Iranian servers revealed on the NYX connections page. I don't know their purpose but they slow the relay by about 85%. I have dropped them in the iptables input chain, restarted the VPS, but they show up after a day or two in spite.

Maybe you could:
* rate-limit new connections from that address block, or
* limit the total number of connections from that address block.

I have used similar firewall settings to deal with client DDoS on guard relays.
Search the list archives for detailed instructions.

> Today there were 121 of them with a large range of IPs.  There have been as many as 1400 in a single day.  None have identifiable hashed fingerprints.
> I've enclosed a couple attachments of my input table (partial) and the NYX connection page (also partial).

Please don't publicly post user IP addresses.

Publishing user IP addresses can put users in danger, particularly in repressive
countries, and for users who are targeted by their state authorities.

Future posts from your email address will require moderator approval.

> Can anyone enlighten me regarding this situation?  I will probably dump the exit relay if I can't fix this intrusion.  Thanks people!!

Thanks for running a relay. I realise that this extra traffic is annoying.
But your relay is helping other Tor users, and other relays, by soaking up
this extra traffic.

We are working on a solution to this issue, but it might take some time.

T

Attachment: signature.asc
Description: Message signed with OpenPGP
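
The two options listed in the reply above (rate-limit new connections from an address block, or limit the total number of connections from it) could look like the following. This is an added example, not part of the original message and not the instructions in the list archives that the reply refers to. The ORPort 9001, the documentation block 203.0.113.0/24, the chain name TOR_LIMIT and the thresholds are all assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that apply both suggested limits to one
# IPv4 address block. Assumed values, none from the thread: ORPort 9001, the
# documentation block 203.0.113.0/24, chain name TOR_LIMIT, the thresholds.
tor_limit_rules() {
    cidr=$1 port=${2:-9001} max_conns=${3:-20} new_per_min=${4:-10}
    # Accept only digits, dots and one slash, so nothing else reaches a rule.
    case $cidr in
        *[!0-9./]*|*/*/*|/*|*/) cidr= ;;
        */*) ;;
        *) cidr= ;;
    esac
    case $port$max_conns$new_per_min in *[!0-9]*) cidr= ;; esac
    len=${cidr#*/}
    # Refuse prefixes shorter than /8: a typo there would throttle most clients.
    if [ -z "$cidr" ] || ! [ "$len" -ge 8 ] 2>/dev/null || [ "$len" -gt 32 ]; then
        echo "usage: tor_limit_rules a.b.c.d/8-32 [port] [max_conns] [new_per_min]" >&2
        return 1
    fi
    # Only new inbound TCP connections (SYN) to the ORPort from the block are
    # examined; established circuits and every other source are untouched.
    echo "iptables -N TOR_LIMIT"
    echo "iptables -I INPUT -p tcp --syn --dport $port -s $cidr -j TOR_LIMIT"
    # Option 2 from the reply: cap concurrent connections, counted per block
    # because the connlimit mask equals the block's prefix length.
    echo "iptables -A TOR_LIMIT -p tcp -m connlimit --connlimit-above $max_conns --connlimit-mask $len -j DROP"
    # Option 1 from the reply: cap the rate of new connections, again per block.
    echo "iptables -A TOR_LIMIT -p tcp -m hashlimit --hashlimit-name tor_new --hashlimit-mode srcip --hashlimit-srcmask $len --hashlimit-above $new_per_min/minute --hashlimit-burst $new_per_min -j DROP"
    echo "iptables -A TOR_LIMIT -j RETURN"
}

# Print the rules for review; run them as root only after checking them.
tor_limit_rules 203.0.113.0/24 9001 20 10
```

Because the limits are keyed on the block rather than on single addresses, they keep working when the individual source addresses inside the block change.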

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays