[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Jonathan Proulx
jon at csail.mit.edu
Tue Oct 29 13:55:20 UTC 2024
We've definitely seen an up tick in this type of complain. One of the
abuse reports for "port scanning" had a log of exactly 3 SYN packets
to port 22, IDK why people bother with soemthing like that given the
amount of actual SSH scans I see against our infrastructure
constantly.
New one today though, apparently spoofed web exploit probing. That's
probably going to trigger a bigger reaction if it becomes more wide
spread than a few ssh packets.
-Jon
--
Jonathan Proulx (he/him)
Sr. Technical Architect
The Infrastructure Group
MIT CSAIL
More information about the tor-relays
mailing list