[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Blocking PSN

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Blocking PSN
From: SuperSluether <supersluether@xxxxxxxxx>
Date: Tue, 29 Nov 2016 07:48:56 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Nov 2016 08:49:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=LEW+odVqyk7bYJdDA3uLRwFutiIpum0tsquVoexWz1A=; b=R0aUeKzuXw2kIb82d8k4Ru9DJ791zNIb17P2P3XAGI4DfGfzPKlJDYa/uLq7NUjWLm nBNXN8O+79XeQd4DKhMnjRAOGM8yr4ujrAcXB2dzgLTPyYoVF9Q8iN3GxrZIb4ySGDPr f9vY1av8tz3DnL+9Sz/ahKF6xULEmKJRZmS/wWxPUniVF1lrhv9ltTvN3Oour71qWmxw jDtu7INR9QgA0W5TdtBuYQZOxLMO19bwjB6GqmnVtw/saHgin/T/Kx8mxPwR07zE2gsk 6aTiR6RLTLRzs7p58Op2Iyra2j32AVH0VwqepUn67NT3e3oX7epQMGG0V3gXtj+yyFPW a1FQ==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

I keep getting Account Takeover Attempt abuses on my Tor exit, and I'mnot sure how to handle them:


It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP 443.

I used 'dig' and 'ping' to see what IP address the 4 endpoints resolvedas, and blocked the resulting addresses, but I'm still getting theabuse. The Whois records show Sony and PSN owning 63.x.x.x, 64.x.x.x,68.x.x.x, and 108.x.x.x addresses, but the websites above resolve to23.x.x.x, so either the lists are incomplete or I'm doing something wrong.


Any ideas?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Blocking PSN
  - From: pa011

Prev by Author: Re: [tor-relays] manual vs. automated updates
Next by Author: Re: [tor-relays] Tor bandwith question
Previous by thread: Re: [tor-relays] Assigning new IP adrees to current relay
Next by thread: Re: [tor-relays] Blocking PSN
Index(es):
- Author
- Thread