On 3/9/11 3:35 AM, Robert Ransom wrote:
> Why do you consider a portscan to be an attempt to gain unauthorized access to your computer?
The management of portscans is really a pain; I got my server on Hetzner.de disconnected again due to a portscan coming out of my TOR exit node.
They are listed among the "Friendly" good ISPs for TOR, but you have less than 12 hours to manage a portscan ticket; they will just cut off your server and you have to go through a written and hand-signed declaration, to be sent as a digitized PDF or by fax.
We *really* need to find a technical way to be able to detect and block outgoing portscans from the TOR exit nodes.
Below is an example of the report I got from Hetzner about a portscan coming out of my TOR exit node:
##########################################################################
#               Netscan detected from host   88.198.109.35               #
##########################################################################
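One possible shape for the detection asked for above, as an added example that is not part of the original post: it parses lines in the hoster's report format (time, protocol, src_ip, src_port, dest_ip, dest_port) and flags a source that reaches many distinct hosts on one port within a short window. The function names, the 5-second window, the 10-host threshold and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One report entry: "Tue Mar  8 17:36:30 2011 TCP <src> <sport> => <dst> <dport>"
LINE = re.compile(
    r"(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) +(?P<proto>\w+) +"
    r"(?P<src>[\d.]+) +(?P<sport>\d+) +=> +(?P<dst>[\d.]+) +(?P<dport>\d+)")

def parse(text):
    """Yield (time, proto, src, dst, dport); works even if entries share a line."""
    for m in LINE.finditer(text):
        stamp = " ".join(m["ts"].split())          # collapse padded day field
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        yield ts, m["proto"], m["src"], m["dst"], int(m["dport"])

def find_scans(events, window=timedelta(seconds=5), min_targets=10):
    """Return {(src, proto, dport): peak distinct destinations in one window}
    for every flow group that reaches min_targets distinct hosts."""
    recent = defaultdict(deque)    # key -> (time, dst) pairs inside the window
    peaks = {}
    for ts, proto, src, dst, dport in sorted(events):  # reports are not time-ordered
        key = (src, proto, dport)
        q = recent[key]
        q.append((ts, dst))
        while ts - q[0][0] > window:               # drop entries that aged out
            q.popleft()
        distinct = len({d for _, d in q})          # repeat visits count once
        if distinct >= min_targets:
            peaks[key] = max(peaks.get(key, 0), distinct)
    return peaks

def sample_report():
    """Constructed sample (documentation address ranges), not the real report."""
    rows = []
    for i in range(12):    # 12 different hosts on port 443, timestamps unordered
        sec = 30 if i % 3 else 29
        rows.append(f"Tue Mar  8 17:36:{sec} 2011 TCP 192.0.2.10 "
                    f"{40000 + i} => 198.51.100.{i + 1} 443")
    for i in range(12):    # 12 connections to only two hosts: not a scan
        rows.append(f"Tue Mar  8 17:36:30 2011 TCP 192.0.2.10 "
                    f"{50000 + i} => 203.0.113.{i % 2 + 1} 80")
    return "\n".join(rows)

if __name__ == "__main__":
    for (src, proto, dport), n in find_scans(parse(sample_report())).items():
        print(f"possible scan: {src} -> {n} hosts on {proto}/{dport}")
```

On a busy exit relay ordinary traffic also reaches many hosts on port 443, so the window and threshold need tuning against the relay's normal fan-out before they are used to block anything.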