[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Changes in network traffic pattern

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Changes in network traffic pattern
From: Hu Man <human@xxxxxxxxxx>
Date: Fri, 6 Feb 2015 11:32:42 +1300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 05 Feb 2015 17:40:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zagbot.com; s=google; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=4VTS1/yxXAd8mm8mTMZdlXtwUeuLqQUhkiu2eKYyAVo=; b=EBzTm+6PTtopWK85Bqpy3j6EfayXuHsHdhmXpta4cOhXzD2iqKRdFAh0fnBsVZpTY+ mVe/LBw0fUcfRlZpgMR6gfPtMUWMx/ULg76C52r8Ali6ujs4LHB5gi6zY/3KS2qX+Sa8 yDb0Sv+udWh5db1eoky4XFXkCPk7bpOE2qk9o=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi All

I have been running a tor relay for about a year and according to my munin graph It normally receives, on average, just under 2,000 incoming tcp connections on port 443 every 5 minutes.

In the last few days that figure has increased to about 10,000 and spiked to about 19,000 incoming requests every 5 minutes.

First thought was DDOS but traffic is not high enough to cause any problems.

I did some digging and in a 5 minute period received the following requests to the port tor is listening on (number of requests and source ip address)

ÂÂÂ2722 SRC="">Â Â1355 SRC="">Â Â1334 SRC="">Â Â1237 SRC="">Â Â 604 SRC="">Â Â Â13 DST=178.200.216.58
Â Â Â 7 SRC="">Â Â Â 6 SRC="">Â Â Â 6 SRC="">Â Â Â 6 DST=93.158.248.243

This is only the top 10 source ip addresses. I had a look and none of the top few seem to be tor relays.

Just wondering if others are seeing a large number of requests from the above ip addresses or if it's just me. If it is just me then I can easily just block these ip addresses.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Changes in network traffic pattern
  - From: Toralf FÃrster
- Re: [tor-relays] Changes in network traffic pattern
  - From: tor-admin

Prev by Author: Re: [tor-relays] 7 relays gone because of spammers
Next by Author: Re: [tor-relays] Relay operators: help improve this hardening document?
Previous by thread: Re: [tor-relays] Making your relay submit hidden service statistics
Next by thread: Re: [tor-relays] Changes in network traffic pattern
Index(es):
- Author
- Thread