[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

Carlo P. cp_tor at mailfence.com
Thu Oct 31 10:32:15 UTC 2024


Just received today two abuse tickets...

On October 31, 2024 at 9:29 AM, Pierre Bourdon <delroth at gmail.com> wrote:

On Tue, Oct 29, 2024, 03:33 Pierre Bourdon <delroth at gmail.com> wrote:

By any chance, any other relay ops seeing the same thing, or am I just

 going crazy? (it does kind of sound insane...)

 Any speculation as to the reason for this?

My own write-up and explanation (and speculation) is available at https://delroth.net/posts/spoofed-mass-scan-abuse/ as a reference. I've had a few people email me saying they had the same scare moment after getting an abuse report and they ended up finding my article, so I'd like to think it's already helped a bit!

I also received an email today from Hetzner's legal team saying that they have read my article (props on them, I didn't send it to them myself!). They are monitoring the situation on their side and emphasized that they do not usually take action on this kind of reports they have recently been forwarding to Tor relay operators. So at least for others hosting relays at Hetzner I don't think it's worth worrying too much. For other hosting providers, your mileage may vary.

_______________________________________________

tor-relays mailing list

tor-relays at lists.torproject.org

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
Sent with https://mailfence.com  
Secure and private email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241031/fd775be1/attachment-0001.htm>


More information about the tor-relays mailing list