Malicius ingress traffic on relay node leads to 100% CPU usage

Hi All,

First of all thanks for reading this post.

I am having a problem with one of my relay nodes, most probably caused by malicious inbound traffic that makes the cardano-node work at more than 100% CPU capacity.

The node worked seamlessly from its initial setup, about 3 weeks ago, but over the past 2 days, I noticed an unusual increase in inbound traffic with an average of 500Kb/s.

I have temporarily resolved the situation by whitelisting incoming traffic only from trusted IP addresses, but I was wondering if there was a more efficient solution and if anybody else experienced this problem in the past before.

As far as my understanding goes, I need to allow incoming connections on the relay port from anywhere to make sure I maintain a healthy number of peers and get the chance to process transactions that could eventually lead to producing blocks. Am I completely wrong here?

Your help is very much appreciated!




Try to filter icmp packets and check again, perhaps some one is “playing” with u; or try to filter the peers one by one maybe u will be able to find the peer which causing this behavior;



Hi Alex, thanks for your answer. Your contribution is noticed all over the forum!

I ended up setting up a firewall to filter out all unwanted traffic, including ICMP packets, and that seemed to do the trick.

Relays are back on track!

Many thanks

1 Like

Can you expand how this is practically done? I think I am having the same issue

U can find the step in my topic how to setup a pool in few minutes…


1 Like