[tor-relays] Is this probing normal for a bridge
Imre Jonk
imre at imrejonk.nl
Tue Apr 7 17:54:44 UTC 2020
On Mon, 2020-04-06 at 14:04 -0700, Eddie wrote:
> On the VPS where I run a couple of bridges, I often see the
> following:
>
> tcp6 0 0 aaa.bbb.cc.dd:443 194.14.247.1:18913
> SYN_RECV
> tcp6 0 0 aaa.bbb.cc.dd:443 54.93.50.35:18457
> SYN_RECV
> tcp6 0 0 aaa.bbb.cc.dd:443 194.68.0.1:29917
> SYN_RECV
>
> Is this normal probing by the script kiddies or is it specific
> because
> I'm running the bridges.
I'd say the former, it is most probably regular Internet background
noise. Regular relays and especially exit relays are a much bigger
target than bridges (whose IP addresses are not conveniently listed).
This kind of port scanning should be quite harmless as long as you're
not exposing vulnerable software.
Imre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200407/6a7dc560/attachment-0001.sig>
More information about the tor-relays
mailing list