[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
From: tor-relays+tor-relays@xxxxxxxxx
Date: Mon, 4 Nov 2024 07:09:15 -0400
Autocrypt: addr=admin@xxxxxxxxx; keydata= xjMEZxN6FRYJKwYBBAHaRw8BAQdAEbFA2briyGXAUsEIceXN9GGMweIW3ircBB+2sn3ndrbN G3F1ZWVyLmNhdCA8YWRtaW5AcXVlZXIuY2F0PsKPBBMWCAA3FiEERfSBuNjWFUktcFNOLs/F GnmA8wAFAmcTehUFCQeEzgACGwMECwkIBwUVCAkKCwUWAgMBAAAKCRAuz8UaeYDzAM+EAP45 RJel8JxWfSP+d1UGrGlV5vM91UOhR/C7fDcsiQQvMgD+LbSLhWl1w8hEzIS7RXsnNdnx2hpj QdBxTfpmaZhqoALOOARnE3oVEgorBgEEAZdVAQUBAQdA6B9X9J9b9PrZjrM2sJb16e+hTdof AtTAUl777P/JTQkDAQgHwn4EGBYIACYWIQRF9IG42NYVSS1wU04uz8UaeYDzAAUCZxN6FQUJ B4TOAAIbDAAKCRAuz8UaeYDzABGuAP9uQM3ToYa78qjlKUKbikdTi5a58MWOINDYnUe9Ursw HwEAr1FrF/gUnptsgAIk+IEjF20EVXPBUSkND4r3P9usuwQ=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 04 Nov 2024 06:09:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=queer.cat; s=mail; t=1730718556; bh=13NXaWwhQJt1winrmMsii8sIipmmPN65ZACAif7uiM0=; h=Date:Subject:To:References:From:In-Reply-To; b=U07WXjrAEPtYaGjw/p4yhcO720CD73UsErmZCFpGNUhtwENStGUJQq8RPUwhSYTOp MbEI1XbRn5G9L8Z4cy5/kQa08Mz8Cxy8033lrRIxKYFYQd2mxBCukEe74t6eP5BykE llqaFcLjs9osKMWRojilG/5biD2GrZT1Vz8G/Fys=
In-reply-to: <f07881985f8ecc3cde7abcc90a13f7f0@ivegotyour.pw>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA+V6dmizGEo4Y=3tCFmK_xNm7W=d7zh4W=0aypyyzVR+Hn4uoA@mail.gmail.com> <D5820VWCTMJZ.3DZ0C1VS96GKW@ml.seichter.de> <20241029074753.7d783593.mbm@rlogin.net> <20241029132317.1b8d4c28.mbm@rlogin.net> <5270fe4b-d22e-4e90-9587-60fadc0557ee@stinpriza.org> <20241031155807.5b3aab77.mbm@rlogin.net> <50e3a78e-3761-4552-82c9-56920ff269ae@nullvoid.me> <169b3310b8c38e726d5ab62b88127fe8@neelc.org> <f07881985f8ecc3cde7abcc90a13f7f0@ivegotyour.pw>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>



On 1/11/24 22:42, Red Oaive via tor-relays wrote:

On 2024-10-31 23:15, Neel Chauhan wrote:
It would be hard to explain to Verizon I run Tor relays since theytechnically don't allow servers. I hope I'm not forced onto AT&TInternet Air as my particular co-op rental unit won't let met getSpectrum even when other units can, not that I wanted Spectrum, I don't.
It shouldn't be necessary to go into great detail. Simply tell themthere have been attacks going around the internet where people's ipaddresses have been spoofed for ssh connections with an eye towardgetting them in trouble with their providers. Explain to them thatfurther actions from them on this matter would be like taking actionagainst a person if someone else forged your reply address on outgoingharassing postal mail letters. In other worst, totally inappropriate.You are not responsible for other people forging your IP address, and ifrequired you can tell them you welcome them to put such monitoring inplace as will prove you aren't responsible for the outgoing sshconnections.
If pressed, you can even offer that you are involved with online privacyadvocacy and that is how your IP address got out.
All of the above is 100% true.
Hopefully just your willingness to accept scrutiny to prove your IPhasn't originated the connection attempts will be enough. If it doesattract too much scrutiny and they discover your Tor contribution, atleast you are no worse off.

If you’re dealing with ISPs that aren’t too friendly towards Tor andyou’re worried they won’t get the technical stuff about SYN packetspoofing, here’s a simple tip: just tell them your machine might havesome malware scanning on port 22 and that you’re looking into it. It’san explanation they hear all the time, so it should help take the heatoff you.

To The Tor Project officials:
So far the Tor Project has left its operators twisting in the wind overthis. Marie has had a ten server account locked over this. A wellworded blog entry explaining the attack would be a very welcomeassistance to refer our providers to. It wouldn't have to mention thisdiscredit attack is targeting relay operators. It can simply say theattack is targeting privacy volunteers for the project and leave theprecise details vague.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: Neel Chauhan
- Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: Red Oaive via tor-relays

Prev by Author: Re: [tor-relays] "When you pay peanuts, you get monkeys"
Next by Author: Re: [tor-relays] Fwd: [Abuse #KMLTFQPGVQ] Abusive use of your service vps-3e661acc.vps.ovh.net
Previous by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Index(es):
- Author
- Thread