On Tue, 29 Oct 2024 07:47:53 +0000
mick <mbm@rlogin.net> allegedly wrote:

Same here. Middle relay, automated abuse report forwarded by

Hetzner, for alleged scans of TCP port 22 across several related

IPv4 class-C networks. I wondered if that was a mistake on the

reporting third party's end, but given that I am not the only on,

it seems there is more to it.  

Me too. Middle relay on Hetzner. Alleged SSH scans from my relay. I

have not yet had time to investigate, but will do so later today.

Mick

I have taken a look at my relay and noted activity like this a short
while ago.

105.812429380 202.91.162.47 → 95.216.198.252 TCP 54 22 → 18588 [RST,
ACK] Seq=1 Ack=1 Win=5840 Len=0
113.387329574 202.91.163.206 → 95.216.198.252 TCP 54 22 → 41567
[RST, ACK] Seq=1 Ack=1 Win=4128 Len=0

So - resets coming from a host I have not attempted to connect to.

I have informed hetzner and pointed them to the tor-project note at
https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/85
given by Roger Dingledine.

Mick


---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
blog: baldric.net
---------------------------------------------------------------------

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays