
Re: [tor-relays] Exit relay operators: a call for packets on port 8118



On Sun, 21 Jul 2013, rotpoison throngnet wrote:

> I am hoping that some other exit relay operators can sniff for packets to
> destination port 8118

I set up a copy of nginx returning 404s on that port.  After a few thousand
requests, here are the hostnames it is trying to hit:

   4655 ib.adnxs.com
   2193 ad.globe7.com
   1705 ads.creafi-online-media.com
   1149 ad.tagjunction.com
    767 ad.yieldmanager.com
    259 an.z5x.net
    184 ad.z5x.net
    123 ad.xertive.com
    115 ib.reachjunction.com
     80 tags1.z5x.net
     72 ad.bharatstudent.com
     71 ad.reduxmedia.com
     23 ad.smxchange.com
     18 opt.cdxndirectopt.com
     10 www.xtendadvert.com

It might be worth digging up the security contact for at least the top few
of those and giving them a heads up.

And the /24s that have sent at least 100 requests (of 811 unique IPs from 122
/24s):

These are very unlikely to have been spoofed, as they were from completed TCP connections.

                                    -- Aaron
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
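
The two tallies in the message above (requests per hostname, and source /24s over a request threshold) can be produced from the nginx access log with a script like the following. This is an added example, not code from the original post; the `log_format`, the function name `summarize` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed nginx log_format (hypothetical, not from the original post):
#   log_format hostlog '$remote_addr [$time_local] "$host" "$request" $status';
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \[[^\]]*\] "(?P<host>[^"]*)" "(?P<request>[^"]*)" (?P<status>\d{3})$'
)

# Constructed sample input: documentation address ranges and example.* names only.
SAMPLE_LOG = """\
192.0.2.10 [21/Jul/2013:10:00:01 +0000] "ads.example.com" "GET /a HTTP/1.1" 404
192.0.2.11 [21/Jul/2013:10:00:02 +0000] "ads.example.com" "GET /b HTTP/1.1" 404
192.0.2.10 [21/Jul/2013:10:00:03 +0000] "ads.example.com" "GET /c HTTP/1.1" 404
198.51.100.7 [21/Jul/2013:10:00:04 +0000] "track.example.net" "GET /t HTTP/1.1" 404
198.51.100.7 [21/Jul/2013:10:00:05 +0000] "ads.example.com" "GET /d HTTP/1.1" 404
203.0.113.5 [21/Jul/2013:10:00:06 +0000] "track.example.net" "GET /u HTTP/1.1" 404
not a log line
"""

def summarize(lines, min_requests=100):
    """Tally requested hostnames and client networks from access-log lines."""
    hosts, nets, addrs, skipped = Counter(), Counter(), set(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # unparseable line: count it, do not guess
            continue
        try:
            ip = ipaddress.ip_address(m["addr"])
        except ValueError:
            skipped += 1
            continue
        # Group IPv4 clients by /24 as in the post; /48 for IPv6 is an assumption.
        prefix = 24 if ip.version == 4 else 48
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        addrs.add(ip)
        nets[str(net)] += 1
        hosts[m["host"].lower().rstrip(".")] += 1
    busy = [(n, c) for n, c in nets.most_common() if c >= min_requests]
    return {
        "hosts": hosts.most_common(),   # requests per hostname, descending
        "busy_networks": busy,          # networks at or above the threshold
        "unique_ips": len(addrs),
        "unique_networks": len(nets),
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines(), min_requests=2).items():
        print(key, value)
```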