[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

Jonathan Proulx jon at csail.mit.edu
Tue Oct 29 13:55:20 UTC 2024


We've definitely seen an up tick in this type of complain.  One of the
abuse reports for "port scanning" had a log of exactly 3 SYN packets
to port 22, IDK why people bother with soemthing like that given the
amount of actual SSH scans I see against our infrastructure
constantly.

New one today though, apparently spoofed web exploit probing. That's
probably going to trigger a bigger reaction if it becomes more wide
spread than a few ssh packets.

-Jon

-- 
Jonathan Proulx (he/him)
Sr. Technical Architect
The Infrastructure Group
MIT CSAIL


More information about the tor-relays mailing list