[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
From: Ralph Seichter via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 29 Oct 2024 06:52:13 +0100
Cc: Ralph Seichter <ralph@xxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Oct 2024 02:30:44 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1730183435; bh=Vm3VyHsB/kiBI5paahXCvmI9BKUB81mMB20MYAjST/Y=; h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=TSRyjLAJ5aCn/m6aTtAWP3lYz49IDmZHvKXqcdI9yl8IXvXDf1fjoGN5SZwhRz6gm P/4Mg03+zmmTRmWfLZ5S5WVtue825RDWbtHq5sAKoNxFesxW2Lri8o+NrDC9PAktxc FqQKAXmfy7CmFBRS7h6wG3w3HuhCtYs6ThZ5f0jDWzpl7SJ/2KeSnwD1IpyV/AxrJS 0qw37DeQzqGNA4hD1w5bzKZl3L+QfPLgA8ItUXmNSNDqA2qsdR1o3xOYSS4MPWCJVk Z7ZsykxNlQQhdQD8n6gXbnGFYru83E+EeKxT4eot6VXoAA2xEAQdD9s0NcH04gr4A/ XW3SW0ydKAz9A==
In-reply-to: <CA+V6dmizGEo4Y=3tCFmK_xNm7W=d7zh4W=0aypyyzVR+Hn4uoA@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA+V6dmizGEo4Y=3tCFmK_xNm7W=d7zh4W=0aypyyzVR+Hn4uoA@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

* Pierre Bourdon:

> A few hours ago I received a forwarded abuse report from Hetzner for
> one of my machines running a Tor relay (not exit). Some random ISP was
> claiming I was sending SSH connections to them [...]

Same here. Middle relay, automated abuse report forwarded by Hetzner,
for alleged scans of TCP port 22 across several related IPv4 class-C
networks. I wondered if that was a mistake on the reporting third
party's end, but given that I am not the only on, it seems there is more
to it.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: mick

References:
- [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: Pierre Bourdon

Prev by Author: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by Author: Re: [tor-relays] DDOS mitigation with nftables
Previous by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Index(es):
- Author
- Thread