[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

Pierre Bourdon delroth at gmail.com
Wed Oct 30 15:01:57 UTC 2024


On Tue, Oct 29, 2024, 03:33 Pierre Bourdon <delroth at gmail.com> wrote:

> By any chance, any other relay ops seeing the same thing, or am I just
> going crazy? (it does kind of sound insane...)
>
> Any speculation as to the reason for this?
>

My own write-up and explanation (and speculation) is available at
https://delroth.net/posts/spoofed-mass-scan-abuse/ as a reference. I've had
a few people email me saying they had the same scare moment after getting
an abuse report and they ended up finding my article, so I'd like to think
it's already helped a bit!

I also received an email today from Hetzner's legal team saying that they
have read my article (props on them, I didn't send it to them myself!).
They are monitoring the situation on their side and emphasized that they do
not usually take action on this kind of reports they have recently been
forwarding to Tor relay operators. So at least for others hosting relays at
Hetzner I don't think it's worth worrying too much. For other hosting
providers, your mileage may vary.

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241030/194544c1/attachment-0001.htm>


More information about the tor-relays mailing list