> On 22 Sep 2017, at 16:41, x9p <tor.relays@xxxxxxxxxx> wrote:
>
>>
>> There are two ways this can happen:
>>
>> Someone set up a tor relay on the "client", and your relay connected
>> to it.
>>
>> Someone is using the hidden service rendezvous protocol to ask non-exit
>> relays to scan non-tor IP addresses. Specifying a remote address is a
>> feature of the protocol. We have mitigations in place in newer tor
>> relay versions to stop scanning of local addresses, and to provide
>> limited information to the scanning client.
>>
>
> While the subject is not cleared, I suggest firewall rules to stop the
> communication between ORPort and RFC1918 ranges.

Tor relays don't connect to RFC1918 ranges by default.
Read the man page entries for these options for more details:
ExtendAllowPrivateAddresses
DirAllowPrivateAddresses
ExitPolicyRejectPrivate

So you could set up firewall rules, but if they're ever triggered,
it's a bug, and we want to know about it.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
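
The three torrc options named in the reply above can be checked mechanically before reaching for firewall rules. The following Python script is an added example, not part of the original message or of Tor's own code. It assumes the defaults are ExtendAllowPrivateAddresses 0, DirAllowPrivateAddresses 0 and ExitPolicyRejectPrivate 1, that option keywords are case-insensitive, and that the last occurrence of an option wins; the sample torrc is constructed.

```python
# Added example: report torrc settings that would let a relay contact
# private (e.g. RFC1918) addresses. Defaults below are an assumption
# taken from the tor man page: 0, 0 and 1 respectively.
SAFE_DEFAULTS = {
    "extendallowprivateaddresses": ("ExtendAllowPrivateAddresses", "0"),
    "dirallowprivateaddresses": ("DirAllowPrivateAddresses", "0"),
    "exitpolicyrejectprivate": ("ExitPolicyRejectPrivate", "1"),
}


def effective_options(torrc_text):
    """Return {option name: value} for the three options, defaults applied."""
    values = {name: default for name, default in SAFE_DEFAULTS.values()}
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                # keywords are case-insensitive
        if key in SAFE_DEFAULTS:
            name = SAFE_DEFAULTS[key][0]
            # Assumption: a later line overrides an earlier one.
            values[name] = parts[1].strip() if len(parts) > 1 else ""
    return values


def audit(torrc_text):
    """List (option, effective value, default) for every non-default setting."""
    effective = effective_options(torrc_text)
    return [
        (name, effective[name], default)
        for name, default in SAFE_DEFAULTS.values()
        if effective[name] != default
    ]


# Constructed sample configuration, not taken from the thread.
SAMPLE_TORRC = """\
ORPort 9001
ExitRelay 0
extendallowprivateaddresses 1   # overrides the default
ExitPolicyRejectPrivate 1
"""

if __name__ == "__main__":
    for name, value, default in audit(SAMPLE_TORRC):
        print(f"{name} = {value} (default {default}): private addresses allowed")
```

An empty result means the relay runs with the defaults, so any firewall hit on ORPort traffic to RFC1918 ranges is the kind of event the reply asks to have reported.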