Thus spake Jon (torance.ca@xxxxxxxxx): > On Tue, May 22, 2012 at 3:17 PM, Mike Perry <mikeperry@xxxxxxxxxxxxxx>wrote: > > > > On Tue, 22 May 2012 13:29:54 -0500 > > > Jon <torance.ca@xxxxxxxxx> allegedly wrote: > > > > > > > Yep same here, got notice today from ISP on a report of the 20th for > > > > alledged hacking with someone using sqlmap. the reporting ip was a > > > > brazilian gov ip address. > > > > > > > > I just blocked the port and kept on serving.... > > > > As of yet, no one has mentioned the port. Out of curiosity, is it > > included in the Reduced Exit Policy? > > https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy > > > > The port was 57734 - of course that doesn't mean another port could be > used Are you sure that's not the source port (which is randomized) for the incident? This is a weird destination port. If so, simply switching to the Reduced Exit Policy (or adding a reject line for *:57734) would prevent the attack from using your exit. No need to stop exiting entirely. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays