Re: [tor-relays] Ongoing scan from FDCServers block
Hmm, FDC servers is known for doing bad things on Tor
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
iirc this was on FDC servers too
On 2014-08-27 10:43, linenoiz@xxxxxxxxxxxxx wrote:
For the past week or so I've been seeing unsolicited echo replies coming from FDC servers block and one that looks like it is owned by China(?) Most of the entries are from 67.159.54.101 and I am seeing around one per minute. I verified by running tcpdump for a couple minutes (no longer, I'm not an illegal wiretapper!) that I'm not sending echo requests. IPTables is configured to drop and log this invalid traffic.
Any idea what they are trying to accomplish? Some convoluted way of pinging me because they don't get an ICMP unreachable back? And why every minute?
DENY IN=eth0 OUT= MAC=xxx SRC=67.159.54.101 DST=yyy LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=10249 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=67.159.54.101 DST=yyy LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=58375 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=67.159.54.102 DST=yyy LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=39417 PROTO=ICMP TYPE=0 CODE=0 ID=62498 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=50.117.112.42 DST=yyy LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=28340 PROTO=ICMP TYPE=0 CODE=0 ID=30728 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=50.117.112.42 DST=yyy LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=28334 PROTO=ICMP TYPE=0 CODE=0 ID=30728 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=50.117.112.42 DST=yyy LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=28335 PROTO=ICMP TYPE=0 CODE=0 ID=54277 SEQ=0
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
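Added example, not part of the original thread: one way to summarize dropped echo replies per source from iptables LOG lines in the format quoted above. The function names are hypothetical and the sample lines are constructed, using documentation-range addresses rather than the hosts from the message.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same iptables LOG format as the message above;
# addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
DENY IN=eth0 OUT= MAC=xxx SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=10249 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61818 PROTO=ICMP TYPE=0 CODE=0 ID=58375 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=28340 PROTO=ICMP TYPE=0 CODE=0 ID=30728 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=28341 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
DENY IN=eth0 OUT= MAC=xxx SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=56 ID=28342 PROTO=ICMP TYPE=8 CODE=0 ID=30728 SEQ=1
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Split one LOG line into IP-layer and protocol-layer fields.

    "ID=" appears twice: before PROTO= it is the IP identification,
    after PROTO= it is the ICMP echo identifier. Keep them separate.
    """
    ip, l4, seen_proto = {}, {}, False
    for key, value in FIELD.findall(line):
        if key == "PROTO":
            seen_proto = True
            ip[key] = value
        elif seen_proto:
            l4[key] = value
        else:
            ip[key] = value
    return ip, l4

def summarize_echo_replies(log_text):
    """Per source: count of dropped echo replies (TYPE=0), echo IDs, TTLs."""
    stats = defaultdict(lambda: {"count": 0, "echo_ids": set(), "ttls": set()})
    for line in log_text.splitlines():
        ip, l4 = parse_line(line)
        if ip.get("PROTO") != "ICMP" or l4.get("TYPE") != "0":
            continue  # keep only ICMP echo replies, skip TCP and echo requests
        entry = stats[ip["SRC"]]
        entry["count"] += 1
        entry["echo_ids"].add(int(l4["ID"]))
        entry["ttls"].add(int(ip["TTL"]))
    return dict(stats)

if __name__ == "__main__":
    for src, s in sorted(summarize_echo_replies(SAMPLE_LOG).items()):
        print(src, s["count"], sorted(s["echo_ids"]), sorted(s["ttls"]))
```

Echo identifiers that change on every reply from the same source, as in the quoted log, show up here as an `echo_ids` set nearly as large as `count`.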