[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

tor at x9p.org tor at x9p.org
Tue Oct 29 16:27:24 UTC 2024


You likely discovered a way, how criminals (or Intel agencies, since 
there is no difference) are being allowed access to middle relays.

--x9p

On 10/29/24 04:47, mick wrote:
> On Tue, 29 Oct 2024 06:52:13 +0100
> Ralph Seichter via tor-relays <tor-relays at lists.torproject.org>
> allegedly wrote:
>
>> * Pierre Bourdon:
>>
>>> A few hours ago I received a forwarded abuse report from Hetzner for
>>> one of my machines running a Tor relay (not exit). Some random ISP
>>> was claiming I was sending SSH connections to them [...]
>> Same here. Middle relay, automated abuse report forwarded by Hetzner,
>> for alleged scans of TCP port 22 across several related IPv4 class-C
>> networks. I wondered if that was a mistake on the reporting third
>> party's end, but given that I am not the only on, it seems there is
>> more to it.
> Me too. Middle relay on Hetzner. Alleged SSH scans from my relay. I
> have not yet had time to investigate, but will do so later today.
>
> Mick
>
>
> ---------------------------------------------------------------------
>   Mick Morgan
>   gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
>   blog: baldric.net
> ---------------------------------------------------------------------
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



More information about the tor-relays mailing list