[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

gus gus@torproject.org:

I'm writing to share that the origin of the spoofed packets has been identified and successfully shut down today, thanks to the assistance from Andrew Morris at GreyNoise and anonymous contributors.

Are you sure that it has been effectively shut down? We're still receiving spoofed packets with IP addresses of Tor relays set as source after this message has been posted. We've also received more "reports" from the same newbies after this message was posted.

Our traps even see packets with the IP addresses of Tor relays that are in the same subnet.

So far we've been able to trace this to a certain peer, we'll be monitoring.