
Re: [tor-relays] Tor exit nodes attacking SSH?



On Wed, Aug 09, 2017 at 10:58:01AM +0500, Roman Mamedov wrote:
> > No, dropbear is an SSH server that 8.8.8.8 seems to be running.
> 
> Did you try ssh'ing into 8.8.8.8 (outside of Tor)? It does not run a public
> SSH server at all (obviously).
> 
> The point was to demonstrate that the exit node intercepts port 22 connections
> to any IP, and redirects them to the same particular instance of dropbear.

Right -- it seems clear that there is some exit relay out there that is
handling requests for 8.8.8.8:22 (and probably *:22) poorly. If somebody
can tell us which one it is, we'll get rid of it.

(Several groups who run scanners for this sort of thing will hopefully
pick this thread up in the next day or so and we can resolve it then.)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
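
An added example, not part of the original thread: one way a scanner could turn the check described above into a per-exit verdict, by flagging an exit when a control address that runs no public SSH server (8.8.8.8, as in the thread) answers with an SSH banner, or when one host key is presented for several destinations and disagrees with what other exits see. The relay labels, the other destination addresses, the banners, the fingerprints and the function name `suspect_exits` are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample observations (not real scan data): one row per probe,
# (exit relay label, destination IP, SSH banner or None, host key fingerprint or None).
OBSERVATIONS = [
    ("exitA", "8.8.8.8",      None,                  None),
    ("exitA", "192.0.2.10",   "SSH-2.0-OpenSSH_7.4", "SHA256:aaaa"),
    ("exitA", "198.51.100.7", "SSH-2.0-OpenSSH_7.2", "SHA256:bbbb"),
    ("exitB", "8.8.8.8",      "SSH-2.0-dropbear",    "SHA256:eeee"),
    ("exitB", "192.0.2.10",   "SSH-2.0-dropbear",    "SHA256:eeee"),
    ("exitB", "198.51.100.7", "SSH-2.0-dropbear",    "SHA256:eeee"),
    ("exitC", "8.8.8.8",      None,                  None),
    ("exitC", "192.0.2.10",   "SSH-2.0-OpenSSH_7.4", "SHA256:aaaa"),
    ("exitC", "198.51.100.7", "SSH-2.0-OpenSSH_7.2", "SHA256:bbbb"),
]

def suspect_exits(observations, control_ips):
    """Return {exit: sorted reasons} for exits that appear to intercept port 22."""
    reasons = defaultdict(set)
    keys_by_dest = defaultdict(Counter)   # dest -> host keys seen across all exits
    dests_by_exit_key = defaultdict(set)  # (exit, key) -> destinations presenting it
    for exit_id, dest, banner, key in observations:
        # Check 1: a control address with no public SSH server returned an SSH banner.
        if dest in control_ips and banner and banner.startswith("SSH-"):
            reasons[exit_id].add("ssh-banner-from-control:" + dest)
        if key:
            keys_by_dest[dest][key] += 1
            dests_by_exit_key[(exit_id, key)].add(dest)
    # Check 2 (heuristic): one key shown for two or more destinations through the
    # same exit, where it differs from the key most exits see for a destination.
    for (exit_id, key), dests in dests_by_exit_key.items():
        off_consensus = [d for d in dests
                         if keys_by_dest[d].most_common(1)[0][0] != key]
        if len(dests) >= 2 and off_consensus:
            reasons[exit_id].add("shared-hostkey:" + key)
    return {exit_id: sorted(r) for exit_id, r in reasons.items()}

if __name__ == "__main__":
    for exit_id, why in suspect_exits(OBSERVATIONS, {"8.8.8.8"}).items():
        print(exit_id, why)
```

Check 2 is only a heuristic, since a multi-homed server can legitimately present one key on several addresses; the control-address check is the stronger signal.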