
Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?



You likely discovered a way in which criminals (or Intel agencies, since there is no difference) are being allowed access to middle relays.

--x9p

On 10/29/24 04:47, mick wrote:
> On Tue, 29 Oct 2024 06:52:13 +0100
> Ralph Seichter via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
> allegedly wrote:
>
>> * Pierre Bourdon:
>>
>>> A few hours ago I received a forwarded abuse report from Hetzner for
>>> one of my machines running a Tor relay (not exit). Some random ISP
>>> was claiming I was sending SSH connections to them [...]
>>
>> Same here. Middle relay, automated abuse report forwarded by Hetzner,
>> for alleged scans of TCP port 22 across several related IPv4 class-C
>> networks. I wondered if that was a mistake on the reporting third
>> party's end, but given that I am not the only one, it seems there is
>> more to it.
>
> Me too. Middle relay on Hetzner. Alleged SSH scans from my relay. I
> have not yet had time to investigate, but will do so later today.
>
> Mick
>
> ---------------------------------------------------------------------
>   Mick Morgan
>   gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
>   blog: baldric.net
> ---------------------------------------------------------------------

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
