> On 22 Sep 2017, at 08:49, relay 000 <relay0@xxxxxxxxxxx> wrote: > > FYI, I got this email for a non-exit relay - please share if you get them as well: > > ... > > You have a system on your network that is actively scanning and/or attacking external sites on the Internet. This can come from many sources and because it is often difficult to detect this activity, we are sending this E-mail in an attempt to help you solve the problem. > > We have detected your system with an IP of, <relay-IP>, scanning a client we monitor. This was not a short attack but a prolonged scan and/or probe that was designed to find and intrude into the target network. There are two ways this can happen: Someone set up a tor relay on the "client", and your relay connected to it. Someone is using the hidden service rendezvous protocol to ask non-exit relays to scan non-tor IP addresses. Specifying a remote address is a feature of the protocol. We have mitigations in place in newer tor relay versions to stop scanning of local addresses, and to provide limited information to the scanning client. T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------
Attachment:
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays