
[tor-relays] More attack traffic against Tor detected on exit relay




IPTables rule involved:

-A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j LOG --log-prefix "IPTables-GFC-new "
-A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j DROP


Logs generated Wednesday from hits against these rules:

Jul 30 13:44:38 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=1.50.250.198 DST=64.113.44.206 LEN=147 TOS=0x08 PREC=0x20 TTL=44 ID=21838 DF PROTO=TCP SPT=13717 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0

Jul 30 13:44:59 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=175.152.3.46 DST=64.113.44.206 LEN=147 TOS=0x00 PREC=0x00 TTL=50 ID=21839 DF PROTO=TCP SPT=49229 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0

Jul 30 13:45:41 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=124.90.49.99 DST=64.113.44.206 LEN=147 TOS=0x00 PREC=0x00 TTL=49 ID=21840 DF PROTO=TCP SPT=10200 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0




_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
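
Added example, not part of the original post: it decodes the 52 bytes of the rule's --hex-string to show what the match pins down. Reading them as the tail of a TLS ClientHello (session ID length through extensions) is an interpretation the post does not state; the function name and the small cipher-suite name table are this example's own.

```python
import struct

# Pattern copied from the --hex-string argument of the rule in the post.
PATTERN = bytes.fromhex(
    "00002800390038008800870035008400160013000a00330032009a0099"
    "00450044002f00960041000500ff020100000400230000"
)

# A few IANA TLS cipher-suite code points; anything else prints as hex.
SUITE_NAMES = {
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def parse_clienthello_tail(buf):
    """Parse session_id, cipher_suites, compression and extensions
    (ClientHello field order from RFC 5246). Assumes buf starts at the
    session ID length byte. Raises ValueError on inconsistent lengths."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError(f"truncated at offset {pos}")
        pos += n
        return buf[pos - n:pos]
    session_id = take(take(1)[0])
    (cs_len,) = struct.unpack("!H", take(2))
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    suites = list(struct.unpack(f"!{cs_len // 2}H", take(cs_len)))
    compression = list(take(take(1)[0]))
    (ext_len,) = struct.unpack("!H", take(2))
    ext_end, extensions = pos + ext_len, []
    while pos < ext_end:
        ext_type, data_len = struct.unpack("!HH", take(4))
        extensions.append((ext_type, take(data_len)))
    if pos != ext_end:
        raise ValueError("extension overruns the extensions block")
    return {"session_id": session_id, "cipher_suites": suites,
            "compression": compression, "extensions": extensions,
            "trailing": len(buf) - pos}

if __name__ == "__main__":
    hello = parse_clienthello_tail(PATTERN)
    for s in hello["cipher_suites"]:
        print(f"0x{s:04x}", SUITE_NAMES.get(s, ""))
    print("compression:", hello["compression"], "extensions:", hello["extensions"])
```

Under this reading every length field is consistent and no bytes are left over, so the rule matches one exact combination of cipher-suite list, compression methods and a single empty extension rather than anything specific to a source address.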