[tor-relays] Port scanning via exit node



Hi Folks:

I got an abuse complaint from my VPS host, because someone was using my
exit node for port scanning.
Here is the first bit of his (redacted) log.

Attack detail : 4K scans
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:35008 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN
2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:46532 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN
2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:41718 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN

Hosting dude says he'd appreciate it if I could prevent this, but I'm
not sure how.

I'm afraid I don't have any logs - the VPS got reimaged.

Suggestions how to prevent or mitigate this are welcome.

Cheers,

K.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays