El 2011-02-25 17.32, Bianco Veigel escribió:
Today I got the second abuse mail within two weeks from my hosting provider. They forced me to take down the exit node, otherwise they will shutdown my server.
How could I detect such a scan and take counter measures to prevent a network scan through tor? I've thougt about Snort, but I've never used it before. The exit node is running in a Xen-vm, behind a pfSense firewall.
I've attached the report from the abuse mail. Does anyone have an idea, what steps should/could be taken?
Only one: re-read your provider contract. It's a contractual issue, no more. If they permit such activities, remain them about; if not, your batlle is lost.