[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Botnet targeting Tor relays

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Botnet targeting Tor relays
From: Marco Predicatori <marco@xxxxxxxxxxxxxx>
Date: Thu, 17 Oct 2024 12:34:53 +0200
Autocrypt: addr=marco@xxxxxxxxxxxxxx; keydata= xsFNBFQ3/iwBEADXtYmVmk3U6TQl4EQCLY4NRVWtpRQdptLegMcHI5pQ2pvnE/EIpeTR7fet s3i6Z66hrdM6IwVjca2Hs3Jsp6jgUFkUXBagzguxZ2s3EGOXjL+R1uuyyEcF8c8hLmRwCMt+ JFIzoQS9VJAj1zC3RQqMD7IiUTXJT2Ic652bfALNBMHhBo3/9lesOHs+BXZMLfVCKdl0uG/H W+6LdBXYsC/cuBkyuAuZMyy11hiNGQ8K552B2KHMrMUrMU4IhijUSBpTl2LVBiwOzq+GhRSN 67eGulS0qkw532SUo51HLk39pf6w5u+Q5QWcULU0q5XMX9U2Z/GQ18DHRcXozT90Sg3Rp31w 7xBguN1tOHVjh+ckBBRM/Ah2lAiK8OZtBiKlSicj3dNYzRxyPAzhYO2CN3qR45LEu9F5iTBf aK7ef+UIrLLrapoyVZLsciwFMRKaxkOPmkQ/YrgOf6W4V1dsJTsuLDzkTun7Y+I5YFD8dVzj BSdDRkWWcTashJr7C5oHLgCkvpYgOUC9kIJt6gYcYtjBf976ChxzKGgM0A/zcj5ssX59jurb UtP0CXthvGENOFtIpqajy0qfdwKNN8um9BmfxIpJPgI0MSDBu3sG/Vb4HhAOHEXIQG3KGQxU 4LNldtEmbSPgQm/pcx+KvBOiuLuGTdgKctWNaXGbKxKar+5DPwARAQABzTdNYXJjbyBQcmVk aWNhdG9yaSAoUGVyc29uYWwga2V5KSA8bWFyY29AcHJlZGljYXRvcmkuaXQ+wsF5BBMBAgAj BQJUN/4sAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQH9H2gXEM8zBFIRAAhe6Q Cfd0R1KK4Nw86MUcKJg1TBkPCFKjLXguJJhFd1vhkW9ctY4r2jOK4Nt+H2nwbvowHzmyTBHy wboFzpfjhpSpcTKfor3T6qqyi77Zj4AZ5PzcPx4gUZjotlsVW6O5wwDB9uBrmYEO33S6sXka 9r3qozzVpYi6Y7xOXaROzC9oQWQn3lsxTuWJDcuvH0mYv/YgHLGvCm+B+PiYbF7MuXCvC842 Rk+jlieq8zLj0ef3YqJH2wyLEWZ4BldqNka2R12ReTPqU7IaGzrnLwFZMVd3920CwmPgUMAl RAb2DsnTWWNNboItI1tlnepPXDfsSwXdK2vPPjmERDa+ni/K5QltUmRZKXyPwcPJCu3Q50H0 XmB2upn9wzY0JYeAyNKyAF7twsSVtIZy3fg7j6TrvUNZKIqIUJn5j7H0TUEneLSikXKknGIW fp9DTepuIU3CEykkMiJ29g8YmQPoZs8wDTHz22+OhI0qOY6YgOdQPFst654ic9goLnL5i1Zl Td/KD6JdqEjuLeu3Tw5EMXIF5Dha2ARQAkkDSFun9E2PggMIp7l5K6/IcVMmV92823kgkI0G ef2xZLJ4vBmzhyIYE9zBgtCMXx7iLAl6mS4Elf6sJQWevcpT5E/UaS5cwV6lTy4rxzuODPWj /0GpPhox8MVJfez+OqXxwC/BJ9IvqZLOwU0EVDf+LAEQANinb+6/3m81Ywjahxy5xvlUK/Yx 6pLIxomLfIcR9izBf7riqs/yYSz58MQCwlfimmkzceYweRDSHq+SrOyp2sWDHoWe9jBBqu/r rBpK05Eub+2+Cn7oY5fy7MmHvUrtzOH6BpgFN6HIkqx28AXsNNsNVb2Ghuv0baEjLti2swz1 xUVqfVhrzpWQw/rKZOWth5CFu1y2RPLQJ0t1tIgGz0AkfuCDwXFLixBxFT5R0b7FfT73BpBY E+tzFoLY3hB2/OgDcNbWTaFJPq8IMtSiDYRzsHgPhs6/WSKQr289IlQYiOq6+WSxl6MkanGD z2MfgAtl1T1WLnZSyrBKhZycpNwzDUOcaQHr0m7sAGDOV7miJJNj//v6pEpV2mNv0V01r4g5 E0171tdQ7BJ8k4qz/RzV+wspEKE2ceMTwpT0kgYxP4Y0yqnp6ulP/DhfuKLkpXvdAh2zSfo4 uUycWVHC4XMsB6o/51nZG6EwDgzOP9F8vNxS3V0dNc3S/gMIZMUMpYpepvcFFwGbBToIgYZx ObudIEycRdjlZgnMLjMo/2i5/Ob2ediA90N90UwJ0ui2iPi9Xjnti+kJuI4CVnEms9SYEF9V ufhwcZ+trgL3GqEn4xxaIXmsJ/mk3/zppt0e7KU3tgEeWobAn4pyUi+CpTjFYi7SXJMqae6w NJv9c84pABEBAAHCwV8EGAECAAkFAlQ3/iwCGwwACgkQH9H2gXEM8zDzPQ//bYGGfJCw3OAl SvM1wAvvz+TUOqua25jQoHIUFUI+ovjBjx3IhZMTdpRXivXpbSWkeCs3WVHQSjIGDTKOKBCd 3Ejr4TjAbT+BFB3XjgB0bshZ5LwELYDWt03YtrBI+XtXOUo5QqVok941v/ax1/XCTCGLXmx7 fnIB23ukr/2OZqM3gVVcEqOnxop8j8UCl8//58y3YXDaZj9ZHAxkDsuC7rOOM48/shq60wsV nptjHj6w8Z2po1d10TPYH2n50Bc7e946AGTjlj+Ap71r6tc1IxtqkwvQ3kDn37SL3k+g9017 9JEZhM7D7jOgRd4ekwWKzrSG2DItqwuvfltctWEb0k1KXTH0eoEQw7QhHLr+WslXiTGj7JFa QPSrJD7tYQi+7pwzK4OmEdwzojCFBdIsUS3wnGiBQ0M6cI0axjZSgSnZyVAHAYevncbzeTqB nhgmMxDT2V0QUlDsdAHR04yAmqLLyONdzIXEaISDnlbK5eOVgXMAWnKWQvYxhvWupFQAJS7d 4IkScrSQsaXoFwAnfXbqkTpSqiiHu8qbtOTRyTBc/f0JwewEMXYb276EOaIv/Oh5+HPS7Q/l eKlaTeucruuiKEnmfmTuUKquyuEORZb9coE4qlkf+NOx8AXyuucAbYJGDny2DTNiUs8UJgvR uiChA0D+00pR+bGNoz77wl8=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 17 Oct 2024 06:47:46 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=aruba.it; s=a1; t=1729161300; bh=k+Tr0qSLCkh6whVXGnQ/sBm7xejXft4KCDVHduzrkc4=; h=Date:MIME-Version:Subject:To:From:Content-Type; b=gg/TcFBLBbQgpgMB9ivZFFyUICRRn20GQIhAkkjcMN8wn4Yuk9izl91BDqQvcEiwW pcthy4GCKssEWaYuYazxldJZkmvYjs6ugePU9+aYlo2woEtF+MwaajbCWV+jxolUMe E2IThu1fspj7sce7lY2ttCdRsveW9tatHe2RSH/LSt+XinvCw53yeOHh4iXoubdDfX cxVDBaoZCF/+SrEzYe8dYdt1DdFzhhZBd9zjmH0EIpGU5zhvdrMtyTiH34jmbcmUnX fTt70UeCA5twGVC3lNbXR2Hrjk4xC60b6H+wQOaZf0tEKpqfeo9cJHXxWIY903E2fC Gx78ux73YGqjQ==
In-reply-to: <5c15c963-355c-4f2d-8ab6-c43fff73510b@kai.sx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5c15c963-355c-4f2d-8ab6-c43fff73510b@kai.sx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird

anon@xxxxxx wrote on 10/17/24 10:40:

Hello,
I run several Linux root servers, spread over several providers, some of whichserve as Tor relays. For a few weeks now I have been observing massive bruteforce attempts via SSH from hundreds of sources around the world. However, onlythe Tor relays are affected, the rest of the servers are not.
Are other relay operators also observing something like this? Is there currentlya botnet targeting Tor relays?


Yes, since the dawn of times. My firewalll blocks any connection to port 22.


--
Marco
https://nusenu.github.io/OrNetStats/w/relay/A4E74410D83705EEFF24BC265DE2B2FF39BDA56E.html
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Botnet targeting Tor relays
  - From: anon

Prev by Author: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by Author: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Previous by thread: [tor-relays] Botnet targeting Tor relays
Next by thread: Re: [tor-relays] Botnet targeting Tor relays
Index(es):
- Author
- Thread