On 2/21/21 12:37 PM, niftybunny wrote:
If I get say 20000 connections from a single IP it would be blocked with
iptables.
Even much less looks unusal
With this command
watch -d -x bash -c 'ss --all --numeric --processes state syn-recv |
sort -k 5 -n'
I do see a handful of addresses - and at least one (rather new) Tor
relay is among them - which makes one SYN-RECV after the other w/o
finishing the handshake.
--
Toralf
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
