True, but as Mick wrote in this thread they are more meant as proof to Hetzner that my node doesn't allow contact with the addresses listed.
When I received the abuse emails I was slightly panicking and reinstalled the node from scratch because I couldn't prove that I had *not* been hacked. I found this thread only later and learned that IP spoofing might be in play. Somehow I assumed IP spoofing to be a thing of the past - interesting that this is still possible.
Or "Cyberdogdefense" is just making stuff up, all the did is send a bunch of "log entries" to Hetzner and *claim* these nodes made login attempts to their network.
The worst case would be that there's an actual problem in the Tor code, leaking stuff not to exit nodes but to targets outside of the Tor network.
CK.
On 6 November 2024 23:40:08 CET, Matt Palmer mpalmer@hezmatt.org wrote:
On Wed, Nov 06, 2024 at 11:04:51AM +0100, CK wrote:
Replied to Hetzner with my own text and reinstalled my node and installed egress packet filter rules to block traffic to that network. Weird though.
Egress rules won't help, because the traffic never hits your server -- the source IP address is spoofed as yours, but the packets are injected into the Internet from another location entirely.
- Matt
tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org