[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How to prevent netscan usage?



Hi,

First rule is to use some firewall, 2nd is to disable that port for few days. You will not lose exit flag becuase of this, just will give you time to learn more about how to secure your node. Few friends usingÂFirewallBuilder to learn how to build their firewall system, maybe you can start with that as well (http://www.fwbuilder.org/). Check and learn about flood attack and using iptables to block them. Good luck, maybe other node admins will have better solution for your case.

On 25 November 2015 at 23:21, Roland 'ValiDOM' Jungnickel <vali2015@xxxxxxxxxx> wrote:
hi,

I'm operating a tor exit with a relatively high bandwith rate for more
than 3 years.

My ISP receives more and more abuse tickets about my server regarding
netscans. These netscans are executed with dest. port 80 so I'm not able
to block them easily.

Any idea how to prevent netscans using my exit node? Below you find an
extract of such an abuse mail.

Thanks a lot!
ValiDOM

Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 41518 =>Â Â 46.20.92.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 41545 =>Â Â 46.20.92.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 41575 =>Â Â 46.20.92.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 45219 =>Â Â 59.192.63.xx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 45218 =>Â Â 59.192.63.xx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 45217 =>Â Â 59.192.63.xx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 42460 =>Â Â 59.203.179.x 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 42517 =>Â Â 59.203.179.x 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 42569 =>Â Â 59.203.179.x 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 57564 =>Â Â59.211.15.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 57596 =>Â Â59.211.15.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 57631 =>Â Â59.211.15.xxx 80
Wed Nov 18 12:55:27 2015 TCPÂ Â88.198.14xxx 58022 =>Â Â59.228.86.xxx 80
Wed Nov 18 12:55:27 2015 TCPÂ Â88.198.14xxx 58046 =>Â Â59.228.86.xxx 80
Wed Nov 18 12:55:27 2015 TCPÂ Â88.198.14xxx 58081 =>Â Â59.228.86.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 37123 =>Â Â 64.238.74.xx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 37178 =>Â Â 64.238.74.xx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 41003 =>Â Â 65.20.53.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 45785 =>Â 65.186.130.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 45850 =>Â 65.186.130.xxx 80
Wed Nov 18 12:55:26 2015 TCPÂ Â88.198.14xxx 45907 =>Â 65.186.130.xxx 80
Wed Nov 18 12:55:12 2015 TCPÂ Â88.198.14xxx 60607 =>Â Â66.87.185.xxx 80
Wed Nov 18 12:55:12 2015 TCPÂ Â88.198.14xxx 60611 =>Â Â66.87.185.xxx 80
Wed Nov 18 12:55:12 2015 TCPÂ Â88.198.14xxx 60613 =>Â Â66.87.185.xxx 80
Wed Nov 18 12:55:14 2015 TCPÂ Â88.198.14xxx 52693 =>Â 69.191.200.xxx 80
Wed Nov 18 12:55:14 2015 TCPÂ Â88.198.14xxx 52740 =>Â 69.191.200.xxx 80
Wed Nov 18 12:55:14 2015 TCPÂ Â88.198.14xxx 52783 =>Â 69.191.200.xxx 80
Wed Nov 18 12:55:27 2015 TCPÂ Â88.198.14xxx 35453 =>Â Â 71.54.215.xx 80
Wed Nov 18 12:55:27 2015 TCPÂ Â88.198.14xxx 35464 =>Â Â 71.54.215.xx 80
Wed Nov 18 12:55:12 2015 TCPÂ Â88.198.14xxx 39263 => 101.249.145.xxx 80

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




--
http://www.backbox.org
http://www.pentester.iz.rs

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays