[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Wed, 09 Mar 2011 09:20:03 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Mar 2011 03:20:22 -0500
In-reply-to: <20110308183512.15c203c7@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <201103081004.p28A4DNm014704@xxxxxxxxxxxxx> <20110308183512.15c203c7@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7

On 3/9/11 3:35 AM, Robert Ransom wrote:
> Why do you consider a portscan to be an attempt to gain unauthorized
> access to your computer?

The management of the portscan it's really a pain, i got my server on
Hetzner.de disconnected again due to portscan getting out from my TOR
exit node.

They are listed in the "Friendly" good ISP for TOR, but you take less
than 12hours to manage a portscan ticket they will just cut-off your
server and you have to go trough a written and hands-signed declaration
to be sent via digitalized pdf or FAX.

We *really* need to find a technical way to be able to detect and block
outgoing portscan from the TOR exit nodes.

Below an example of the report i got from Hetzner about portscan getting
out from my TOR exit node:


##########################################################################
#               Netscan detected from host   88.198.109.35               #
##########################################################################

time                protocol src_ip src_port          dest_ip dest_port
---------------------------------------------------------------------------
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 56392 =>    31.65.10.163 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 59470 =>    31.65.54.223 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 54086 =>     31.65.72.45 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 59950 =>    31.65.88.131 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 38952 =>   31.65.120.208 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42653 =>     31.66.75.23 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 55963 =>    31.66.115.82 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 58100 =>    31.66.195.70 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 53933 =>    31.66.208.49 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 44360 =>    31.66.208.75 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 40767 =>   31.66.249.136 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 34733 =>    31.67.60.191 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 50122 =>     31.67.77.76 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 49062 =>   31.67.100.236 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 51349 =>    31.67.196.81 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 47977 =>    31.67.225.65 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 33600 =>     31.68.43.89 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 55763 =>    31.68.62.141 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 48964 =>    31.68.104.16 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 52435 =>   31.69.117.138 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 37726 =>    31.69.149.38 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 40678 =>     31.70.47.62 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 39276 =>    31.70.122.82 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 34060 =>   31.70.157.174 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 59382 =>    31.70.175.45 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42583 =>    31.71.11.228 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 51358 =>   31.71.246.117 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 51179 =>   31.72.121.192 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 49689 =>   31.72.165.151 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 49958 =>    31.72.178.72 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 33015 =>     31.73.170.6 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 40535 =>   31.73.173.206 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 40190 =>   31.73.182.167 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 38007 =>   31.73.201.249 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 47829 =>   31.74.114.139 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42451 =>   31.74.239.168 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 36958 =>    31.75.27.127 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42734 =>   31.75.127.188 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42298 =>    31.75.164.80 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 34054 =>   31.75.193.121 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 60265 =>      31.76.3.50 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 48796 =>     31.76.74.41 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 36588 =>   31.76.182.215 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 39682 =>    31.76.205.16 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 40542 =>    31.77.10.157 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42494 =>    31.77.76.109 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42061 =>   31.77.119.231 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42950 =>   31.77.146.156 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 60724 =>   31.77.223.251 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 36208 =>   31.77.224.147 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 49522 =>   31.78.169.199 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 36339 =>     31.78.175.3 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 59629 =>    31.80.67.150 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 36172 =>     31.80.99.74 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 36496 =>    31.80.182.30 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 52575 =>    31.80.242.10 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 41079 =>    31.81.15.152 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 52872 =>    31.81.133.26 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 39720 =>   31.81.208.122 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 53889 =>     31.82.100.0 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 37307 =>   31.82.115.225 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 48091 =>   31.82.128.212 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 33158 =>   31.82.139.158 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 48170 =>     31.83.86.22 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 51846 =>   31.83.160.155 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 53818 =>    31.84.139.78 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 50961 =>   31.84.203.175 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 40926 =>     31.85.30.37 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 48615 =>    31.85.233.17 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 49893 =>   31.86.120.197 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 33616 =>   31.86.120.209 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 60852 =>    31.86.171.42 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 41752 =>   31.87.154.173 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 53469 =>   31.87.190.171 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 43784 =>    31.88.27.217 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 57287 =>       31.89.9.9 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 37264 =>    31.89.26.185 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 48953 =>    31.89.100.22 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 58038 =>   31.89.126.160 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 43601 =>   31.90.111.229 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 43007 =>   31.90.198.139 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 55715 =>   31.91.110.137 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 39617 =>   31.91.135.247 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 60766 =>   31.91.177.129 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 40362 =>      31.92.9.79 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 55762 =>    31.92.12.229 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 39595 =>    31.92.89.203 443
Tue Mar  8 17:36:29 2011 TCP   88.198.109.35 53314 =>   31.92.117.224 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 43721 =>    31.92.154.88 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 45939 =>   31.92.215.189 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 49305 =>   31.93.171.230 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 49708 =>   31.93.228.184 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 37831 =>     31.94.13.26 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 33898 =>     31.94.50.56 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 37904 =>   31.94.141.127 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 37748 =>   31.94.146.165 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 42008 =>    31.94.186.77 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 44779 =>   31.94.217.247 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 50810 =>   46.122.153.78 443
Tue Mar  8 17:36:30 2011 TCP   88.198.109.35 49972 =>  46.122.182.172 443
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
  - From: cmeclax-sazri
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
  - From: grarpamp
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
  - From: Olaf Selke

References:
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Scott Bennett
- Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
  - From: Robert Ransom

Prev by Author: Re: [tor-relays] Filtering at Exit Node [was: Network Scan through Tor Exit Node (Port 80)]
Next by Author: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
Previous by thread: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80)
Next by thread: Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
Index(es):
- Author
- Thread