
Re: [tor-relays] VPS suspended for many SSH connections



On Fri, 18 Apr 2014 23:29:08 -0800
I <beatthebastards@xxxxxxxxx> wrote:

> What can I do about this?
> The VPS business keeps saying this is reason to suspend?
> 
> Fri, 18 Apr 2014 02:05:04 -0400 VPS 11028 (192.3.42.25) has 24676 conntrack sessions
> Fri, 18 Apr 2014 02:05:09 -0400 VPS 11028 (192.3.42.25) has 24648 conntrack sessions
> Fri, 18 Apr 2014 02:05:14 -0400 VPS 11028 (192.3.42.25) has 23119 conntrack sessions
> Fri, 18 Apr 2014 02:05:19 -0400 VPS 11028 (192.3.42.25) has 20123 conntrack sessions
> Fri, 18 Apr 2014 20:48:24 -0400 VPS 11028 (192.3.42.25) has 311 SSH connections
> Fri, 18 Apr 2014 20:48:25 -0400 SUSPENDING VPS 11028 (192.3.42.25); it has 311 SSH connections

Hello,

Were you running an exit node there, with port 22 accepted in the exit policy?
If so, someone might have been trying to brute-force SSH passwords via your
exit node.

If not, these might still have been Tor connections, but to other relays,
as some of them have their ORPort set to 22. However, I don't know if it's
normal that you would have 311 connections to them; after all, they are in a
tiny minority (only 20 relays or so):
http://torstatus.blutmagie.de/index.php?SR=ORPort&SO=Asc

-- 
With respect,
Roman
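
Added example (not part of the original message): one way to tell the two cases above apart is to split established connections to remote port 22 into those whose destination is a known relay ORPort and those that are not. The input lines follow the `ss -tn` column order; the sample addresses, the relay set and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in `ss -tn` column order:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
ESTAB 0 0 192.0.2.10:41822 198.51.100.7:22
ESTAB 0 0 192.0.2.10:41830 198.51.100.7:22
ESTAB 0 0 192.0.2.10:50112 203.0.113.44:22
ESTAB 0 0 192.0.2.10:50113 203.0.113.45:22
ESTAB 0 0 192.0.2.10:50114 203.0.113.46:22
ESTAB 0 0 192.0.2.10:9001 198.51.100.90:51234
ESTAB 0 0 192.0.2.10:38444 198.51.100.20:443
"""

# Constructed (address, ORPort) pairs; in practice taken from the relay list.
SAMPLE_RELAYS = {("198.51.100.7", 22), ("198.51.100.20", 443)}


def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def classify_port22(ss_text, relay_orports, port=22):
    """Count established connections to remote `port`, split by whether the
    peer is a known relay ORPort or some other host (likely exit traffic)."""
    counts = Counter()
    non_relay_peers = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # skip headers and non-established states
        try:
            addr, dport = split_endpoint(fields[4])
        except ValueError:
            continue  # malformed peer column
        if dport != port:
            continue
        if (addr, dport) in relay_orports:
            counts["relay_orport"] += 1
        else:
            counts["other"] += 1
            non_relay_peers[addr] += 1
    return counts, non_relay_peers
```

A count dominated by `other` points to exit traffic reaching SSH servers; a count dominated by `relay_orport` points to ordinary relay-to-relay connections.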


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays