[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Exit relays abused to attack Google services





On Wed, 2 Feb 2022 at 11:05, UDN Tor via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx> wrote:

> Note we believe some of these IPs are part of the Meris or Dvinis
> botnets.  If you are a residential Internet service provider, it is
> possible that your customers' routers themselves have been
> compromised.  You should research the Meris botnet and take
> appropriate actions to have them secure their CPE (customer-premises
> equipment).

This is probably the main reason those reports are being sent.
Meris is a huge botnet using (at least) tens of thousands of compromised routers. 
https://www.bleepingcomputer.com/news/security/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack/

Those notices were probably sent automatically to many ISPs hoping some of them would get their customers to fix their routers, and tor exits were probably just not filtered.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays