[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

[Red Oaive]

On 2024-10-31 23:15, Neel Chauhan wrote:

> It would be hard to explain to Verizon I run Tor relays since they 
> technically don't allow servers. I hope I'm not forced onto AT&T 
> Internet Air as my particular co-op rental unit won't let met get 
> Spectrum even when other units can, not that I wanted Spectrum, I 
> don't.

It shouldn't be necessary to go into great detail.  Simply tell them 
there have been attacks going around the internet where people's ip 
addresses have been spoofed for ssh connections with an eye toward 
getting them in trouble with their providers.  Explain to them that 
further actions from them on this matter would be like taking action 
against a person if someone else forged your reply address on outgoing 
harassing postal mail letters.  In other worst, totally inappropriate.  
You are not responsible for other people forging your IP address, and if 
required you can tell them you welcome them to put such monitoring in 
place as will prove you aren't responsible for the outgoing ssh 
connections.

If pressed, you can even offer that you are involved with online privacy 
advocacy and that is how your IP address got out.

All of the above is 100% true.

Hopefully just your willingness to accept scrutiny to prove your IP 
hasn't originated the connection attempts will be enough.  If it does 
attract too much scrutiny and they discover your Tor contribution, at 
least you are no worse off.


To The Tor Project officials:

So far the Tor Project has left its operators twisting in the wind over 
this.  Marie has had a ten server account locked over this.  A well 
worded blog entry explaining the attack would be a very welcome 
assistance to refer our providers to.  It wouldn't have to mention this 
discredit attack is targeting relay operators.  It can simply say the 
attack is targeting privacy volunteers for the project and leave the 
precise details vague.