Thus spake Jon (torance.ca@gmail.com):
On Tue, May 22, 2012 at 3:17 PM, Mike Perry mikeperry@torproject.orgwrote:
On Tue, 22 May 2012 13:29:54 -0500 Jon torance.ca@gmail.com allegedly wrote:
Yep same here, got notice today from ISP on a report of the 20th for alledged hacking with someone using sqlmap. the reporting ip was a brazilian gov ip address.
I just blocked the port and kept on serving....
As of yet, no one has mentioned the port. Out of curiosity, is it included in the Reduced Exit Policy? https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
The port was 57734 - of course that doesn't mean another port could be
used
Are you sure that's not the source port (which is randomized) for the incident? This is a weird destination port.
If so, simply switching to the Reduced Exit Policy (or adding a reject line for *:57734) would prevent the attack from using your exit. No need to stop exiting entirely.