Hi,

my ISP keeps on getting abuse reports from Shadowserver because of IRC bots attacking their honeypots from my Tor exit node. Turns out, the "victim's" IP addresses are registered as belonging to subdomains of sinkhole.shadowserver.org. I don't quite understand how any attacker is trapped by a honeypot that is publicly marked as being one. Furthermore, I don't know how this IRC bot is able to operate with mail and web ports only, as my Tor exit node is dropping everything else. But apparently this keeps on happening.

Am I the only one having this annoying problem? If no, I wanted to ask how you deal with this. If yes, I wanted to ask if anybody knows a way to check every outgoing TCP connection for connecting to *.sinkhole.shadowserver.org and dropping it if needed.

Additionally, I will try to get in contact with these Shadowserver cracks to kindly ask them not to send useless and confusing abuse reports to my ISP. Explaining the issue to the latter unfortunately failed...

best regards
Alex
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk