On 13-07-21 08:40 PM, rotpoison throngnet wrote:
> I am an exit relay operator in Honolulu that has posted to this list before, on the same subject. I am hoping that some other exit relay operators can sniff for packets to destination port 8118 (usually used for Privoxy) to confirm that they are seeing the same thing I am on all exit relays that I have set up in the last half year. Depending on your network configuration, you might have to instead record firewall logs for that port. Don’t worry, unless you have your Privoxy service open to the world, you won’t be intercepting or eavesdropping on any legitimate traffic. You should just be seeing SYN packets from a few hundred-strong net of Windows servers now hosted at Gorilla Servers, Ubiquity/Nobistech, and Limestone Networks, with a handful at Psychz. I am calling this malicious (?) net of Windows servers Rotpoi$on.
> I have more details in the most recent blog post at https://b.kentbackman.com
I am not running an exit at present, but I am curious. Shouldn't a SYN flood attack be handled automatically by the ISP? I don't think we can do anything on the node itself.