Malicius ingress traffic on relay node leads to 100% CPU usage

Hi All,

First of all thanks for reading this post.

I am having a problem with one of my relay nodes, most probably caused by malicious inbound traffic that makes the cardano-node work at more than 100% CPU capacity.

The node worked seamlessly from its initial setup, about 3 weeks ago, but over the past 2 days, I noticed an unusual increase in inbound traffic with an average of 500Kb/s.

I have temporarily resolved the situation by whitelisting incoming traffic only from trusted IP addresses, but I was wondering if there was a more efficient solution and if anybody else experienced this problem in the past before.

As far as my understanding goes, I need to allow incoming connections on the relay port from anywhere to make sure I maintain a healthy number of peers and get the chance to process transactions that could eventually lead to producing blocks. Am I completely wrong here?

Your help is very much appreciated!

Thanks,

Gilberto

Hello,

Try to filter icmp packets and check again, perhaps some one is “playing” with u; or try to filter the peers one by one maybe u will be able to find the peer which causing this behavior;

Cheers

Hi Alex, thanks for your answer. Your contribution is noticed all over the forum!

I ended up setting up a firewall to filter out all unwanted traffic, including ICMP packets, and that seemed to do the trick.

Relays are back on track!

Many thanks

Can you expand how this is practically done? I think I am having the same issue

U can find the step in my topic how to setup a pool in few minutes…

Cheers,