[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] So long and thanks for all the abuse complaints



Port scans are part of internet life in my opinion. One cannot have internet access and no (occasional) port scan, spam mails, worms, ...
Having servers on-line and complaining about such things is just unreasonable and laziness on the operator side: don't want scans, then setup proper firewall rules. Done.

Just a "food for thought": how does one distinguishes between slow port scan (as is possible with for example nmap) and actual connection attempts?

Regards


On Tue, 5 Dec 2017 at 17:38 Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:
Quoting myself:

> I've had an ongoing debate with a hosting service over a fresh exit
> node being abused for network scans (ports 80 and 443) almost hourly
> for the last few days.

I had the former exit node unlocked an ran it in relay mode for a day.
Today I switched back to exit mode, and a few hours after the exit flag
was reassigned, I already received the next complaint about an outgoing
network scan. The logs sent to me clearly confirm scans taking place,
this is not about the hoster being obstinate.

Looks like I will have to shut down this particular exit for good if
I cannot find a way to prevent it from being abused as network scan
central. :-(

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays