Hi,
First rule is to use some firewall, 2nd is to disable that port for few days. You will not lose exit flag becuase of this, just will give you time to learn more about how to secure your node. Few friends using FirewallBuilder to learn how to build their firewall system, maybe you can start with that as well (http://www.fwbuilder.org/). Check and learn about flood attack and using iptables to block them. Good luck, maybe other node admins will have better solution for your case.
On 25 November 2015 at 23:21, Roland 'ValiDOM' Jungnickel < vali2015@validom.de> wrote:
hi,
I'm operating a tor exit with a relatively high bandwith rate for more than 3 years.
My ISP receives more and more abuse tickets about my server regarding netscans. These netscans are executed with dest. port 80 so I'm not able to block them easily.
Any idea how to prevent netscans using my exit node? Below you find an extract of such an abuse mail.
Thanks a lot! ValiDOM
Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 41518 => 46.20.92.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 41545 => 46.20.92.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 41575 => 46.20.92.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 45219 => 59.192.63.xx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 45218 => 59.192.63.xx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 45217 => 59.192.63.xx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 42460 => 59.203.179.x 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 42517 => 59.203.179.x 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 42569 => 59.203.179.x 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 57564 => 59.211.15.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 57596 => 59.211.15.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 57631 => 59.211.15.xxx 80 Wed Nov 18 12:55:27 2015 TCP 88.198.14xxx 58022 => 59.228.86.xxx 80 Wed Nov 18 12:55:27 2015 TCP 88.198.14xxx 58046 => 59.228.86.xxx 80 Wed Nov 18 12:55:27 2015 TCP 88.198.14xxx 58081 => 59.228.86.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 37123 => 64.238.74.xx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 37178 => 64.238.74.xx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 41003 => 65.20.53.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 45785 => 65.186.130.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 45850 => 65.186.130.xxx 80 Wed Nov 18 12:55:26 2015 TCP 88.198.14xxx 45907 => 65.186.130.xxx 80 Wed Nov 18 12:55:12 2015 TCP 88.198.14xxx 60607 => 66.87.185.xxx 80 Wed Nov 18 12:55:12 2015 TCP 88.198.14xxx 60611 => 66.87.185.xxx 80 Wed Nov 18 12:55:12 2015 TCP 88.198.14xxx 60613 => 66.87.185.xxx 80 Wed Nov 18 12:55:14 2015 TCP 88.198.14xxx 52693 => 69.191.200.xxx 80 Wed Nov 18 12:55:14 2015 TCP 88.198.14xxx 52740 => 69.191.200.xxx 80 Wed Nov 18 12:55:14 2015 TCP 88.198.14xxx 52783 => 69.191.200.xxx 80 Wed Nov 18 12:55:27 2015 TCP 88.198.14xxx 35453 => 71.54.215.xx 80 Wed Nov 18 12:55:27 2015 TCP 88.198.14xxx 35464 => 71.54.215.xx 80 Wed Nov 18 12:55:12 2015 TCP 88.198.14xxx 39263 => 101.249.145.xxx 80
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays