On 22 Sep 2017, at 08:49, relay 000 relay0@mailbox.org wrote:
FYI, I got this email for a non-exit relay - please share if you get them as well:
...
You have a system on your network that is actively scanning and/or attacking external sites on the Internet. This can come from many sources and because it is often difficult to detect this activity, we are sending this E-mail in an attempt to help you solve the problem.
We have detected your system with an IP of, <relay-IP>, scanning a client we monitor. This was not a short attack but a prolonged scan and/or probe that was designed to find and intrude into the target network.
There are two ways this can happen:
Someone set up a tor relay on the "client", and your relay connected to it.
Someone is using the hidden service rendezvous protocol to ask non-exit relays to scan non-tor IP addresses. Specifying a remote address is a feature of the protocol. We have mitigations in place in newer tor relay versions to stop scanning of local addresses, and to provide limited information to the scanning client.
T -- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------