<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"></div><div dir="ltr">Could this be the real issue? <a href="https://delroth.net/posts/spoofed-mass-scan-abuse/">https://delroth.net/posts/spoofed-mass-scan-abuse/</a></div><div dir="ltr">Greetz, </div><div dir="ltr">Richie </div><div dir="ltr"><br><blockquote type="cite">On 29.10.2024 at 15:12, mick <mbm@rlogin.net> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>On Tue, 29 Oct 2024 07:47:53 +0000</span><br><span>mick <mbm@rlogin.net> allegedly wrote:</span><br><span></span><br><blockquote type="cite"><blockquote type="cite"><span>Same here. Middle relay, automated abuse report forwarded by</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Hetzner, for alleged scans of TCP port 22 across several related</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>IPv4 class-C networks. I wondered if that was a mistake on the</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>reporting third party's end, but given that I am not the only one,</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>it seems there is more to it.  </span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Me too. Middle relay on Hetzner. Alleged SSH scans from my relay. 
I</span><br></blockquote><blockquote type="cite"><span>have not yet had time to investigate, but will do so later today.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Mick</span><br></blockquote><span></span><br><span>I have taken a look at my relay and noted activity like this a short</span><br><span>while ago.</span><br><span></span><br><span>105.812429380 202.91.162.47 → 95.216.198.252 TCP 54 22 → 18588 [RST,</span><br><span>ACK] Seq=1 Ack=1 Win=5840 Len=0</span><br><span>113.387329574 202.91.163.206 → 95.216.198.252 TCP 54 22 → 41567</span><br><span>[RST, ACK] Seq=1 Ack=1 Win=4128 Len=0</span><br><span></span><br><span>So - resets coming from a host I have not attempted to connect to.</span><br><span></span><br><span>I have informed Hetzner and pointed them to the tor-project note at</span><br><span>https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/85</span><br><span>given by Roger Dingledine.</span><br><span></span><br><span>Mick</span><br><span></span><br><span></span><br><span>---------------------------------------------------------------------</span><br><span> Mick Morgan</span><br><span> gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312</span><br><span> blog: baldric.net</span><br><span>---------------------------------------------------------------------</span><br><span></span><br><span>_______________________________________________</span><br><span>tor-relays mailing list</span><br><span>tor-relays@lists.torproject.org</span><br><span>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</span><br></div></blockquote></body></html>