On 28 May 2018, at 00:04, Logforme m7527@abc.se wrote:

After reading this post https://lists.torproject.org/pipermail/tor-relays/2018-May/015277.html I started looking into what is happening on the dir port on my relay (855BC2DABE24C861CD887DB9B2E950424B49FC34)

The bandwidth ratio of dir/or traffic is around 3% to 4%. Not excessive according to the linked post.

Looking at the conntrack table I see many IP addresses (usually from Ukraine or Russia) with 100+ connections. Atm there are around 10 IP addresses with 100+ connections and around 30 with 10+ connections. None of the IP addresses I've looked at are Tor relays.

Some questions: Is this expected behaviour against on a fallbackdir flagged relay?

I don't think this has anything to do with your relay being a fallback directory mirror.

It's more likely that there are lots of old (<0.2.8) clients or unpublished relays on those IP addresses.

Does the DoS prevention implemented recently address abuse against the dir port?

I don't think so, but I have CC'd the author of that patch to confirm.

I read that newer Tor clients don't use the dir port. Correct?

Tor 0.2.9 and later never use DirPorts. Tor 0.2.7? and later avoid using DirPorts.

Do Tor relays use the dir port?

Yes.

Can I remove the dir port from my relay without reducing my relays usability to the network?

If your relay has limited resources, you should disable your DirPort. Clients will still use your relay as a directory mirror via the ORPort.

Your relay will keep being a useful fallback until the next fallback rebuild later in 2018. (The fallback script needs DirPorts to check if relays are working.)

T

-- teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------