[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

admin at prsv.ch admin at prsv.ch
Thu Oct 31 21:30:57 UTC 2024


I have also received a notice from my hosting provider regarding this. Have anyone noticed that when you look up the ip that supposedly port scanning 22, there is no reports on abuseipdb?

John - prsv admin

Oct 31, 2024 at 01:30 by delroth at gmail.com:

> On Tue, Oct 29, 2024, 03:33 Pierre Bourdon <> delroth at gmail.com> > wrote:
>
>> By any chance, any other relay ops seeing the same thing, or am I just
>>  going crazy? (it does kind of sound insane...)
>>  
>>  Any speculation as to the reason for this?
>>
>
> My own write-up and explanation (and speculation) is available at > https://delroth.net/posts/spoofed-mass-scan-abuse/>  as a reference. I've had a few people email me saying they had the same scare moment after getting an abuse report and they ended up finding my article, so I'd like to think it's already helped a bit!
>
> I also received an email today from Hetzner's legal team saying that they have read my article (props on them, I didn't send it to them myself!). They are monitoring the situation on their side and emphasized that they do not usually take action on this kind of reports they have recently been forwarding to Tor relay operators. So at least for others hosting relays at Hetzner I don't think it's worth worrying too much. For other hosting providers, your mileage may vary.
>
>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241031/1d980dcf/attachment.htm>


More information about the tor-relays mailing list