On Mon, Dec 04, 2017 at 01:55:56PM -0500, Zack Weinberg wrote:
:For the record, those daily complaints about abusive SSH scanning were :serious reports requiring a reply. And they were not all from the :same source.
The only reply ever required is a form letter stating this is a Tor exit, here's a link to how to block tor exits if that's what you want.
Our standard response is:
---
Hello,
The source address 128.31.0.13 is a Tor exit node, and is not the origin point for the traffic in question. See http://tor-exit.csail.mit.edu (which is the host in your logs) for details. Any action taken on this node would simply result in the problem traffic using a different exit.
For further information please read http://tor-exit.csail.mit.edu/ the bottom of this page includes information on how to block all Tor exits should you wish to do so (including links to get a list of all current Tor exits).
Sincerely, The Infrastructure Group MIT Computer Science and Artificial Intelligence Laboratory
---
Very few people enguage in further discussion (like <1 per year).
-Jon