21 May
2016
21 May
'16
1:19 p.m.
Hi Folks: I got an abuse complaint from my VPS host, because someone was using my exit node for port scanning. Here is the first bit of his (redacted) log. Attack detail : 4K scans dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason 2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:35008 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN 2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:46532 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN 2016.05.14 17:13:47 CEST xxx.xxx.xxx.xxx:41718 xxx.xxx.xxx.xxx:22 TCP SYN 60 SCAN:SYN Hosting dude says he'd appreciate it if I could prevent this, but I'm not sure how. I'm afraid I don't have any logs - the VPS got reimaged. Suggestions how to prevent or mitigate this are welcome. Cheers, K.