Thanks Mike and Grampa(?) for the replies.
Will send a notification to the exit node admin tomorrow.
And just wish that that small minority of ediots weren't fucking up the world for us.
I guess if I was running an exit I'd spend my life sniffing packets.
But I see that's frowned upon.
Slippery slope slippery slopes....
On 07/06/2014 10:28, Michael Wolf wrote:
On 6/6/2014 7:39 PM, JB wrote:
I just setup my relay node today, and am keeping a hawkish(ish) eye on traffic.... And noticed a flurry of activity from SSH port (22) at 5.104.224.5 - which is listed as an exit.
That exit node uses port 22 as its ORPort (where other relays send Tor traffic). There is nothing suspicious about this. You can verify this info here:
https://globe.torproject.org/#/relay/30D983762D3993AD8F17EB5DCD522A5D6AAE8C5...
But it's also listed onhttp://cbl.abuseat.org/lookup.cgi?ip=5.104.224.5 as infected (or NATting for a computer that is infected) with the Conficker botnet.
Exits are going to show up in all sorts of lists, because a small group of bad people abuse Tor. Exit nodes get blamed because the "victims" think the traffic actually originates at the exit. Mikedddd
I've black-holed it in the meantime, but am wondering if I'm being overly cautious...
Yes :) Please don't block other tor nodes. Tor can communicate to/from any port the admin has configured.
-- Mike _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays