On Mon, Dec 04, 2017 at 01:55:56PM -0500, Zack Weinberg wrote: :For the record, those daily complaints about abusive SSH scanning were :serious reports requiring a reply. And they were not all from the :same source. The only reply ever required is a form letter stating this is a Tor exit, here's a link to how to block tor exits if that's what you want. Our standard response is: --- Hello, The source address 128.31.0.13 is a Tor exit node, and is not the origin point for the traffic in question. See http://tor-exit.csail.mit.edu (which is the host in your logs) for details. Any action taken on this node would simply result in the problem traffic using a different exit. For further information please read http://tor-exit.csail.mit.edu/ the bottom of this page includes information on how to block all Tor exits should you wish to do so (including links to get a list of all current Tor exits). Sincerely, The Infrastructure Group MIT Computer Science and Artificial Intelligence Laboratory --- Very few people enguage in further discussion (like <1 per year). -Jon