[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Port scanning via exit node

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Port scanning via exit node
From: ken@xxxxxxxxxxxxxx
Date: Sat, 21 May 2016 22:35:33 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 21 May 2016 17:35:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kenbaker.co.uk; s=google; h=from:reply-to:subject:references:to:message-id :disposition-notification-to:date:user-agent:mime-version :in-reply-to; bh=lPzxiOKYfo4+rc8NzMubhfTUFZL7XrWp215JT1TTewU=; b=Yuiafgx/oLI2YKIxC+wdjUsJaDacrdIaSaUuLyGdl45X/UAC3lHcH2TOxLFGGajBvw ZCoSOBhtCp7FFeqtw+ttuHjUykG/n6Iebqu913XJ6UPj+HQVFrtFIbXSMNa2618Rzh4c xWVoN/u76WaWC3ToIOer3E2QjphgVKtDEypFc=
In-reply-to: <CAAd2PDJp=niFW4LrSThn93Pj=ySj9fmvVnN3JQxNrBAi9A984w@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <57408A92.9080701@xxxxxxxxxxxxxx> <CAAd2PDJp=niFW4LrSThn93Pj=ySj9fmvVnN3JQxNrBAi9A984w@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0

Yeah, he knows, he'd just kind of like it to go away.

A bit of googling yielded something called tortunnel which links direct to the exit node and allows a scan. It'd be nice to make a bit of an effort though, so, anyone know how to interfere with that? It's Moxie, mind you, so it's probably bulletproof.

K.

On 21/05/16 21:46, Green Dream wrote:

There's really nothing to do. Based on the limited logs, it looks like someone was just looking for open TCP port 22 (ssh). You can't really block the scans by source since you don't know the source address (because Tor). You could prevent connections to port 22, but that would prevent everyone else from using ssh through your exit, and also, it wouldn't stop port scanning of any other ports allowed through the exit.

I'd just explain you're running a Tor exit, and thus you cannot identify the source of the scan.

As common as port scanning is (and has been for as long as the Internet has been around), I'm surprised providers still worry about it this much.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Port scanning via exit node
  - From: Yawning Angel

References:
- [tor-relays] Port scanning via exit node
  - From: ken
- Re: [tor-relays] Port scanning via exit node
  - From: Green Dream

Prev by Author: [tor-relays] Port scanning via exit node
Next by Author: Re: [tor-relays] I'm Running A Tor Exit But Never Initiated It
Previous by thread: Re: [tor-relays] Port scanning via exit node
Next by thread: Re: [tor-relays] Port scanning via exit node
Index(es):
- Author
- Thread