[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?



I have also received a notice from my hosting provider regarding this. Have anyone noticed that when you look up the ip that supposedly port scanning 22, there is no reports on abuseipdb?

John - prsv admin


Oct 31, 2024 at 01:30 by delroth@xxxxxxxxx:
On Tue, Oct 29, 2024, 03:33 Pierre Bourdon <delroth@xxxxxxxxx> wrote:
By any chance, any other relay ops seeing the same thing, or am I just
going crazy? (it does kind of sound insane...)

Any speculation as to the reason for this?

My own write-up and explanation (and speculation) is available at https://delroth.net/posts/spoofed-mass-scan-abuse/ as a reference. I've had a few people email me saying they had the same scare moment after getting an abuse report and they ended up finding my article, so I'd like to think it's already helped a bit!

I also received an email today from Hetzner's legal team saying that they have read my article (props on them, I didn't send it to them myself!). They are monitoring the situation on their side and emphasized that they do not usually take action on this kind of reports they have recently been forwarding to Tor relay operators. So at least for others hosting relays at Hetzner I don't think it's worth worrying too much. For other hosting providers, your mileage may vary.


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays