
[tor-relays] Hack attempts made to appear as exit node?



In recent days I have gotten 3 complaints from people who report hack attempts from my exit node, at 82.221.99.229.  One problem: this IP address is not in use by me and never has been.

The RDNS for this address is "tor-exit.burratino.net" and there is the standard Tor explanatory page on http://82.221.99.229/.  The "email the maintainer" is a mailto link to my e-mail address, thus the contacts from people reporting hack attempts.

I guess that the page on port 80 was ripped from my actual exit although it is slightly different in that my page has my IP address on it, and http://82.221.99.229/ doesn't reference any particular IP address.

Further, I can find no evidence (https://metrics.torproject.org/exonerator.html) that this IP address has ever actually run a Tor node.

Am I crazy or is someone doing port-scanning and making it appear to be from a Tor exit node?

