[tor-relays] Again: abuse email for non-exit relay (masergy)

niftybunny abuse-contact at to-surf-and-protect.net
Sun May 3 21:57:58 UTC 2020


So it's a generic attack on an RFC 1918 IP.

That's really helpful. I also love the possible cause and the top-notch log ….

People are getting paid real money to send this shit?

niftybunny

> On 3. May 2020, at 22:15, lists at for-privacy.net wrote:
> 
> Hi,
> 
> got multiple abuse in the last 2 weeks.
> 
> 2 relays with 2 IP run on the server. Someone is always hammering my OR port on one IP. (37.157.255.118:9002)
> https://metrics.torproject.org/rs.html#details/BD2A34ADE4E603A272FAAD23AEF389801BB223BB
> https://metrics.torproject.org/rs.html#details/8EE44717FA55705C12086F3ECD1F8D9C8676FD05
> 
> 
> What can I do?
> 
> Found that in the archive:
> https://lists.torproject.org/pipermail/tor-relays/2017-September/013030.html
> 
> 
> the 5th complaint:
> ##############################################################################################################
> 
> To Whom it May Concern,
> 
> You have a system on your network that is actively scanning and/or attacking external sites on the Internet.  This can come from many sources and because it is often difficult to detect this activity, we are sending this E-mail in an attempt to help you solve the problem.
> 
> We have detected your system with an IP of, 37.157.255.118, scanning a client we monitor.  This was not a short attack but a prolonged scan and/or probe that was designed to find and intrude into the target network.
> 
> This may be someone on your network who is actively trying to hack others. This person may be a legitimate user on your network or it may be that this system has been compromised and is being used by someone to hack others. It is also likely that the system is running automated tools that have been installed to perform these actions without any human intervention.
> 
> Below is the information about the attack.  Keep in mind that the source IP of our client has been sanitized for anonymity.
> 
> Date: 04/30/2020
> Time: 11:05:37
> Time Zone: America/Chicago
> Source(s): 37.157.255.118
> Type of Attack/Scan: Generic
> Hosts: 10.10.10.182
> Log:
> 
> 37.157.255.118:9002 > 10.10.10.182:24562
> 
> Possible Cause:
> 
> 
> Thank you for your attention to this matter,
> 
> Masergy
> email: esp at masergy.com
> 
> --
> ╰_╯ Ciao Marco!
> 
> Debian GNU/Linux
> 
> It's free software and it gives you freedom!
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
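
Added example, not part of either poster's message: a small triage helper for the single flow line quoted in the complaint. It flags a destination that is not publicly routable and a source port that is one of the operator's own listening ports, which together suggest reply traffic to an inbound connection rather than an outbound scan. The function name, labels and the port threshold are assumptions of this sketch.

```python
import ipaddress
import re

# Matches the "src:port > dst:port" form used in the complaint's Log field.
FLOW_RE = re.compile(r"^\s*(\S+):(\d+)\s*>\s*(\S+):(\d+)\s*$")


def triage_flow(line, listening):
    """Classify one flow line from an abuse report.

    listening: set of (ip, port) pairs the operator's host accepts
    connections on, e.g. a relay's ORPort (supplied by the operator).
    """
    m = FLOW_RE.match(line)
    if not m:
        raise ValueError("unrecognised flow line: %r" % line)
    src = ipaddress.ip_address(m.group(1))
    sport = int(m.group(2))
    dst = ipaddress.ip_address(m.group(3))
    dport = int(m.group(4))

    findings = []
    if dst.is_private:
        # RFC 1918 and other non-global ranges cannot be reached from
        # the Internet, so the reported target address is not actionable.
        findings.append("destination-not-routable")
    from_service = (str(src), sport) in listening
    if from_service:
        findings.append("source-port-is-listening-service")
    if dport >= 1024:
        findings.append("destination-port-unprivileged")

    # Heuristic (assumption): traffic leaving a listening port towards an
    # unprivileged port looks like a reply to a client that connected in.
    if from_service and dport >= 1024:
        verdict = "likely-reply-traffic"
    else:
        verdict = "needs-review"
    return {"src": (str(src), sport), "dst": (str(dst), dport),
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    # Flow line and ORPort as quoted in the complaint above.
    report_line = "37.157.255.118:9002 > 10.10.10.182:24562"
    print(triage_flow(report_line, {("37.157.255.118", 9002)}))
```
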
