Hi, > On 5 Sep 2019, at 03:54, potlatch <potla...@protonmail.com> wrote: > > I had TorExitFin [0] down for a few days hoping the non-Tor Iranian intruders > would wander off. I restarted it today and before NYX could come up there > were 257 Iranian IPs present (nicely automated!). The IP addresses range > over all of the IP addresses allotted to Iran so their usage must come from a > high authority to get that kind of access. NYX communications page showed > that none of these had hashed fingerprints. At the same time 3 IPs came up > from other countries with fingerprints. Should I leave this shut down for > the security of the network? > -potlatch > [0] 9B31F1F1C1554F9FFB3455911F82E818EF7C7883
It's not an attack. It looks like a bad interaction between tor and Iran's censorship. Or genuine usage of tor by an app or a whole bunch of users. See this ticket for more details: https://trac.torproject.org/projects/tor/ticket/30636 You should do whatever you need to do to keep your relay running. If you can, accept the traffic, rate-limit the traffic, or drop the traffic (without replying at all). We're working on a fix on the tor side. T
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays