but the packets are injected into the Internet from another location entirely.

On that note, most data-centers nowadays have routers do SRC IP checks, and do not allow the traffic through if it doesn't match that interfaces assigned address.. it would probably more useful to somehow find the company which allows this traffic, and make them update their routers.

My guess is some Russian data-center, there used to be 2x4 notorious for hosting illegal, even yucky child porn sites, on the open internet. In the end, their datacenter burned down or so the story goes. Since it was a cheap Russian building, they had no Argon/CO₂ fire suppression system or even basic sprinklers.

Nonetheless, right now they seem to be back in business, but with much better ToS.

Also, even if you spoof the IP, shouldn't the MAC address still be the one of the server from which the packets originated (unless it's spoofed too)?

-GH

On Wednesday, November 6th, 2024 at 11:40 PM, Matt Palmer mpalmer@hezmatt.org wrote:

On Wed, Nov 06, 2024 at 11:04:51AM +0100, CK wrote:

Replied to Hetzner with my own text and reinstalled my node and installed egress packet filter rules to block traffic to that network. Weird though.

Egress rules won't help, because the traffic never hits your server --
the source IP address is spoofed as yours, but the packets are injected
into the Internet from another location entirely.

- Matt

_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org