[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22
- From: tor-operator@xxxxxxxxxxx
- Date: Fri, 8 Nov 2024 14:31:51 -0000
- In-reply-to: <Zy0LwfLYx2z9fqiD@localhost>
- List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
- References: <Zy0LwfLYx2z9fqiD@localhost>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
gus <gus@xxxxxxxxxxxxxx>:
> I'm writing to share that the origin of the spoofed packets has been
> identified and successfully shut down today, thanks to the assistance
> from Andrew Morris at GreyNoise and anonymous contributors.

Are you sure that it has been effectively shut down? We're still
receiving spoofed packets with IP addresses of Tor relays set as source
after this message was posted. We've also received more "reports"
from the same newbies after this message was posted.

Our traps even see packets with the IP addresses of Tor relays that are
in the same subnet.

So far we've been able to trace this to a certain peer; we'll be
monitoring.