On 22 Sep 2017, at 16:41, x9p <tor.relays@x9pneu.com> wrote:
There are two ways this can happen:
1. Someone set up a tor relay on the "client", and your relay connected to it.
2. Someone is using the hidden service rendezvous protocol to ask non-exit relays to scan non-tor IP addresses. Specifying a remote address is a feature of the protocol. We have mitigations in place in newer tor relay versions to stop scanning of local addresses, and to provide limited information to the scanning client.
While the subject is not cleared, I suggest firewall rules to stop the communication between ORPort and RFC1918 ranges.
Tor relays don't connect to RFC1918 ranges by default.
Read the man page entries for these options for more details:
ExtendAllowPrivateAddresses
DirAllowPrivateAddresses
ExitPolicyRejectPrivate
So you could set up firewall rules, but if they're ever triggered, it's a bug, and we want to know about it.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
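
The firewall approach discussed in this message, sketched as an added example that is not part of the original email or of the Tor Project's own tooling: it prints, without applying, iptables rules that log and then reject outbound traffic from the relay's user to the RFC1918 ranges, so any hit leaves a record that can go into a bug report. The function name, the log prefix and the default account name `debian-tor` are assumptions.

```shell
#!/bin/sh
# Added example: generate (do not apply) iptables rules for a tor relay host.
# Assumption: the relay runs as a dedicated system user; "debian-tor" is the
# Debian/Ubuntu package default, pass another name as the first argument.

RFC1918_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# tor_rfc1918_rules [USER]
# Prints one LOG rule and one REJECT rule per RFC1918 range, matched on the
# owner of the socket so only the relay process is affected.
tor_rfc1918_rules() {
    tor_user="${1:-debian-tor}"
    for range in $RFC1918_RANGES; do
        # LOG comes first: a relay should never trigger this, so every
        # logged packet is evidence worth keeping.
        printf 'iptables -A OUTPUT -m owner --uid-owner %s -d %s -j LOG --log-prefix "tor-rfc1918: "\n' \
            "$tor_user" "$range"
        # REJECT (rather than DROP) makes the connection attempt fail fast.
        printf 'iptables -A OUTPUT -m owner --uid-owner %s -d %s -j REJECT\n' \
            "$tor_user" "$range"
    done
}

# Caveat: if the relay process itself must reach a resolver or other service
# on a private address, insert an ACCEPT rule for that address before these.

# Print the rules for review; apply them as root only after checking them.
tor_rfc1918_rules "$@"
```

Hits show up in the kernel log with the `tor-rfc1918: ` prefix, including the destination address and port.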