My bet is that the recorded IP address dates back to the days when your node was an exit. Naturally the Russian hackers have used Tor, probably in tandem with a VPN – it would have been stupid of them not to, and stupid they are not. And you are right – now the US government will blame Tor exit operators for the sheer stupidity of email operators in political shops such as DNC that do not force their users to encrypt email end to end. PGP is too much trouble for them. If I am right there is nothing you can do now, you have already closed the exit. If they pressure you, migrate your relay to another IP… Rana From: tor-relays [mailto:tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Dr Gerard Bulger I ran an exit node, but gave up after too many abuse reports that annoyed my ISP. So I turned al exit ports off, and reports stopped as a rely. After months and many terabytes of data I get an abuse complaint that my tor IP has been used for espionage. “NCSC have been made aware of a report and associated malicious indicators released by the United States Government relating to malicious cyber activity. A copy if the report and indicators can be found at the following link:- Details within this report indicate network assets which may have been compromised or associated with malicious activity. We have identified the following IP address from this report as x.x.x.x As a minimum, it is recommended that you check systems and any available logs concerned with the above addresses for indications of malicious activity” I assume my IP was found by way of a DNS leak which I need to look into. There is nothing else I can do as a relay to stop this or is there? Gerry |
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays