[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
From: Jonathan Proulx <jon@xxxxxxxxxxxxx>
Date: Tue, 29 Oct 2024 09:55:20 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Oct 2024 09:55:36 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=outgoing.csail.mit.edu; s=test20231205; h=In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=tnI8NTEjn2JbDawSh9nC6reJEyBvLloIpc3HJBIyqk4=; t=1730210126; x=1731074126; b=dfUsM9w/0UNYq6z+mqQiX/SlOK+Q7kcgk0Npyd2cb2MD+t3WxhF0uTg0JxZYyhpNxR+BN4C36V7 Ihm2wO9qmGrMyAWjbQKPhG8jRYV07mNCgTloKz8gzaDiGpCvEeXqNm4m3NF78jLe7fM1+0AX9mgZX CslOJEjpGxbCzfEiM78FmpK1vWz1SauAUqWzKhDUjjgzZozWB1jQYKUWTEWVbRGGTVCodQIZCd8d8 +L9Yrj7n/AqRm/gGXXhjxYoBX+BNp3gxVnrP8Nk6/x+oeAH5jqycj24g4LVcnzgcOTzzBF91HVW3w EUCbNnOBhJ/QP/aAKcGbJw29hKMX5kGYzLow==;
In-reply-to: <ZyB6Mw_-GcuzBau0@nogrod.csail.mit.edu>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA+V6dmizGEo4Y=3tCFmK_xNm7W=d7zh4W=0aypyyzVR+Hn4uoA@mail.gmail.com> <ZyB6Mw_-GcuzBau0@nogrod.csail.mit.edu>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

We've definitely seen an up tick in this type of complain.  One of the
abuse reports for "port scanning" had a log of exactly 3 SYN packets
to port 22, IDK why people bother with soemthing like that given the
amount of actual SSH scans I see against our infrastructure
constantly.

New one today though, apparently spoofed web exploit probing. That's
probably going to trigger a bigger reaction if it becomes more wide
spread than a few ssh packets.

-Jon

-- 
Jonathan Proulx (he/him)
Sr. Technical Architect
The Infrastructure Group
MIT CSAIL
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: tor-operator

References:
- [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: Pierre Bourdon
- Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] Next Tor Relay Operator meetup - October 26th, 2024 at 1900 UTC
Next by Author: Re: [tor-relays] Botnet targeting Tor relays
Previous by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by thread: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Index(es):
- Author
- Thread