This may be similar to my situation with my Finland exit relay [1].  I was finally forced to deal with kern overload that shut my cpu down.  I had several thousand IP's without hashed fingerprints opting to get into Tor.  A combination of hardening, banning and increasing kern processing to 100,000 helped.  Since then I have a Consensus Weight of 600 rather than the 8000 before the intrusion.  Strange thing:  ufw banning and reboot does not seem to stop a few of the Iranian IP addresses--they're still there.

-potlatch

On 8/19/2019 2:44 AM, niftybunny wrote:
Same here +1


On 15. Aug 2019, at 16:43, Tim Niemeyer <tim@tn-x.org> wrote:

Signed PGP part
Hello

I've noticed a reduction in tor traffic about 50% since Sunday. The cpu
load stayed almost same. The amount of TCP Sessions increased from ~34k
to ~65k. Also the abuse rated about network scans got increased since
Sunday.

Does anyone knows what's there going on?

My guess is that since Sunday anyone uses Tor for extended network
scans, which results in a very high packet rate.

Personally I've no problem with some network scans, but this is a bit
annoying and I asked myself if this is still a scan or more a DOS.

https://metrics.torproject.org/rs.html#search/family:719FD0FA327F3CCBCDA0D4EA74C15EA110338942

Kind regards
Tim




      

      

      
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


    

    
-- 

      1. When a distinguished but elderly scientist states that
      something is possible, he is almost certainly right. When he
      states that something is impossible, he is very probably wrong. 2.
      The only way of discovering the limits of the possible is to
      venture a little way past them into the impossible. 3. Any
      sufficiently advanced technology is indistinguishable from magic.
      - Arthur C. Clarke