apparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigation
Early this year I noticed excessive DIR requests against my relay and also in the Relay Search usage graphs of other fallback directory nodes. Wrote an iptables rule and put an end to it.
The attacker enhanced their botware to request via OR port and the problem is back. In the previous 24-hour stats window DIR requests increased output load on the relay by 17%. In the current cycle the increase is 12%.
Opening this ticket to put the problem on the radar. When time permits (never enough time, I know) and/or the attack escalates please investigate an enhancement to DOS mitigation to address this issue.