[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] relay ACK scans



i still get these ACK scans show up in logs ...
still at 2 min intervals
Tor version 0.2.4.20 (git-0d50b03673670de6)


shmick@xxxxxxxxxx:
> 
> i have an iptables firewall rule to log and drop ACK scans and it was
> unusual to see that each of the 4 connected relays at that particular
> moment (a few minutes after logging into the desktop GUI) all attempted
> an ACK scan in lots of 6 attempts almost precisely 2 minutes apart -
> omitted the relay IP's
> 
> Dec 17 02:38:12  kernel: [  153.563425] [Drop] ACK scan:
> Dec 17 02:38:20  kernel: [  160.905773] [Drop] ACK scan:
> Dec 17 02:38:25  kernel: [  166.220964] [Drop] ACK scan:
> Dec 17 02:38:29  kernel: [  170.213327] [Drop] ACK scan:
> Dec 17 02:40:10  kernel: [  270.758473] [Drop] ACK scan:
> Dec 17 02:40:19  kernel: [  279.892578] [Drop] ACK scan:
> Dec 17 02:40:26  kernel: [  286.234685] [Drop] ACK scan:
> Dec 17 02:40:29  kernel: [  289.965468] [Drop] ACK scan:
> Dec 17 02:42:10  kernel: [  390.447814] [Drop] ACK scan:
> Dec 17 02:42:19  kernel: [  399.580929] [Drop] ACK scan:
> Dec 17 02:42:26  kernel: [  406.248149] [Drop] ACK scan:
> Dec 17 02:42:30  kernel: [  409.972448] [Drop] ACK scan:
> Dec 17 02:44:10  kernel: [  510.135013] [Drop] ACK scan:
> Dec 17 02:44:19  kernel: [  519.269133] [Drop] ACK scan:
> Dec 17 02:44:26  kernel: [  526.260980] [Drop] ACK scan:
> Dec 17 02:44:30  kernel: [  529.980302] [Drop] ACK scan:
> Dec 17 02:46:10  kernel: [  629.822953] [Drop] ACK scan:
> Dec 17 02:46:19  kernel: [  638.957732] [Drop] ACK scan:
> Dec 17 02:46:27  kernel: [  646.275473] [Drop] ACK scan:
> Dec 17 02:46:30  kernel: [  649.987220] [Drop] ACK scan:
> Dec 17 02:48:10  kernel: [  749.512538] [Drop] ACK scan:
> Dec 17 02:48:19  kernel: [  758.646298] [Drop] ACK scan:
> Dec 17 02:48:27  kernel: [  766.286965] [Drop] ACK scan:
> Dec 17 02:48:31  kernel: [  769.995298] [Drop] ACK scan:
> 
> i've not seen this before in logs
> 
> i noticed recently the number of established connections to relays is up
> from 3 to 4
> 
> i have this Tor version 0.2.4.19 (git-9a83ee5e4d3cece4)
> 
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk