[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
From: Neel Chauhan <neel@xxxxxxxxx>
Date: Thu, 31 Oct 2024 22:15:17 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Nov 2024 05:38:47 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neelc.org; s=mtx1; t=1730427317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TVAbZOaNltmKu9l3R0VPipRQ9mNDJ/S0NsxFwQZc5No=; b=WYhMHrTmKCctkX/aap210az1JKTfvjTT1B8+RfTuMhuA830tt3kuE5NIPcS9SZcgnWj3c/ cspYXTlMuq/aBDIy4mH4Knx1BVzNS3yyh4IuoVfmTq+Wgp5kmhfK9AWa6dCPyV2eliA9tw NzGEmh0Om5lAFZyLru461XuWRjUUZS4=
In-reply-to: <50e3a78e-3761-4552-82c9-56920ff269ae@nullvoid.me>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA+V6dmizGEo4Y=3tCFmK_xNm7W=d7zh4W=0aypyyzVR+Hn4uoA@mail.gmail.com> <D5820VWCTMJZ.3DZ0C1VS96GKW@ml.seichter.de> <20241029074753.7d783593.mbm@rlogin.net> <20241029132317.1b8d4c28.mbm@rlogin.net> <5270fe4b-d22e-4e90-9587-60fadc0557ee@stinpriza.org> <20241031155807.5b3aab77.mbm@rlogin.net> <50e3a78e-3761-4552-82c9-56920ff269ae@nullvoid.me>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2024-10-31 13:42, tor@xxxxxxxxxxx wrote:

I got an abuse report on my Guard, Middle, relay hosted at OVH.
I replied with the blog post and explanation that it's an attackoutside of my server spoofing packets. No reply back from OVH, noaccount suspension either.

I got an abuse complaint from Verizon today since I have a middle relayon Fios (actually eight). I hope I don't get more and/or am forced to gobridge-only. I run eight exits on OVH over 2 IPs and have no abuse tho.

I thought maybe it's an issue with my MikroTik router or an infectedWindows PC or Rocky server, I didn't realize it was TCP forgery onmiddle relays. FSB, maybe?

It would be hard to explain to Verizon I run Tor relays since theytechnically don't allow servers. I hope I'm not forced onto AT&TInternet Air as my particular co-op rental unit won't let met getSpectrum even when other units can, not that I wanted Spectrum, I don't.


-Neel

Regards,

mick:

On Thu, 31 Oct 2024 11:25:30 +0200
"Dimitris T. via tor-relays" <tor-relays@xxxxxxxxxxxxxxxxxxxx>
allegedly wrote:

similar situation here with hetzner.. got a first report 2 days ago,
and just a while ago got another abuse report, by the same
watchdogcyberdefence.... with more alleged activity from our ip...

like everybody else, there's nothing coming out from our relay ip, so
we strongly believe "Theory three"[1] .

Agree.

I have just received another "abuse" report. Hetzner have yet to
respond to my last reply to them.

Mick

---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
blog: baldric.net
---------------------------------------------------------------------

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: Red Oaive via tor-relays

Prev by Author: Re: [tor-relays] Please check if your relay has fallen out of the consensus
Next by Author: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Previous by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Index(es):
- Author
- Thread