Port scans are part of internet life in my opinion. One cannot have internet access and no (occasional) port scan, spam mails, worms, ... Having servers on-line and complaining about such things is just unreasonable and laziness on the operator side: don't want scans, then setup proper firewall rules. Done.
Just a "food for thought": how does one distinguishes between slow port scan (as is possible with for example nmap) and actual connection attempts?
Regards
On Tue, 5 Dec 2017 at 17:38 Ralph Seichter m16+tor@monksofcool.net wrote:
Quoting myself:
I've had an ongoing debate with a hosting service over a fresh exit node being abused for network scans (ports 80 and 443) almost hourly for the last few days.
I had the former exit node unlocked an ran it in relay mode for a day. Today I switched back to exit mode, and a few hours after the exit flag was reassigned, I already received the next complaint about an outgoing network scan. The logs sent to me clearly confirm scans taking place, this is not about the hoster being obstinate.
Looks like I will have to shut down this particular exit for good if I cannot find a way to prevent it from being abused as network scan central. :-(
-Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays