On Mon, 2020-04-06 at 14:04 -0700, Eddie wrote: > On the VPS where I run a couple of bridges, I often see the > following: > > tcp6 0 0 aaa.bbb.cc.dd:443 194.14.247.1:18913 > SYN_RECV > tcp6 0 0 aaa.bbb.cc.dd:443 54.93.50.35:18457 > SYN_RECV > tcp6 0 0 aaa.bbb.cc.dd:443 194.68.0.1:29917 > SYN_RECV > > Is this normal probing by the script kiddies or is it specific > because > I'm running the bridges. I'd say the former, it is most probably regular Internet background noise. Regular relays and especially exit relays are a much bigger target than bridges (whose IP addresses are not conveniently listed). This kind of port scanning should be quite harmless as long as you're not exposing vulnerable software. Imre
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays