On Sun, Mar 15, 2026 at 04:47:13PM +0100, Christian Kujau via tor-relays wrote:
This just happened again, and Hetzner forwarded another abuse report to me. This time the "target" addresses were all part of a group called "1st Amendment Encrypted Openness LLC" and they themselves are running Tor infrastructure - unlikely that they contacted Hetzner about connections from other nodes. Destination port was always 443/tcp (https).
But now I see the post "Advisory: Unauthenticated remote trigger of Hetzner's "Netscan" detection" from invisibleprefixes on this list[0] that explains the whole thing in detail -- thank you for posting that!
I hope Hetzner reads their emails and understands this issue. But I'm unsure what they are supposed to do here. Can these "portscans" maybe prevented on a technical level from the relay's end?
Please don't try to solve this on your relay. Relays should be able to reach all other relays all the time and must not interfer with the traffic they should relay. Best regards, Johan