
Re: [tor-relays] More attack traffic against Tor detected on exit relay



On Fri, Aug 01, 2014 at 01:42:32PM -0400, tor@xxxxxxx wrote:
> IPTables rule involved:
> 
> -A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j LOG --log-prefix "IPTables-GFC-new "
> -A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j DROP

You probably found these iptables rules in a blog post [0].  Note that
this is not "attack" traffic.  Most likely, these are automated probes
from China whose purpose is to verify that your Tor relay is, in fact, a
Tor relay and it's safe to block it.

[0] https://idea.popcount.org/2013-07-11-fun-with-the-great-firewall/

Cheers,
Philipp
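
Added example, not part of the original message or of the linked blog post: a decoder for the hex string in the quoted rule, to show what the string match keys on. It assumes the bytes are the tail of a TLS ClientHello (session-id length, cipher-suite list, compression methods, extensions); that reading and all names below are assumptions of this example.

```python
# Hex string copied from the quoted iptables rule (between the | markers).
SIGNATURE = bytes.fromhex(
    "00002800390038008800870035008400160013000a00330032009a0099"
    "00450044002f00960041000500ff020100000400230000"
)


class Reader:
    """Cursor over a byte string that raises on truncated fields."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError(f"truncated: need {n} bytes at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")


def parse_client_hello_tail(data):
    """Parse session id through extensions under the assumed ClientHello layout."""
    r = Reader(data)
    session_id = r.take(r.uint(1))        # 1-byte length, then the id
    raw = r.take(r.uint(2))               # 2-byte length, then 2 bytes per suite
    if len(raw) % 2:
        raise ValueError("odd cipher-suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(r.take(r.uint(1)))  # 1-byte length, 1 byte per method
    ext = Reader(r.take(r.uint(2)))        # 2-byte total extensions length
    extensions = []
    while ext.pos < len(ext.data):
        ext_type = ext.uint(2)
        extensions.append((ext_type, ext.take(ext.uint(2))))
    if r.pos != len(data):
        raise ValueError("trailing bytes after extensions")
    return {"session_id": session_id, "cipher_suites": suites,
            "compression": compression, "extensions": extensions}


if __name__ == "__main__":
    hello = parse_client_hello_tail(SIGNATURE)
    print([f"0x{s:04x}" for s in hello["cipher_suites"]])
    print(hello["compression"], hello["extensions"])
```

Under that reading the rule matches one fixed client configuration: an empty session id, a specific ordered list of 20 cipher suites, compression methods 1 and 0, and a single empty extension of type 0x0023.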