Port scans are part of internet life in my opinion. One cannot have internet access and no (occasional) port scan, spam mails, worms, ...Having servers on-line and complaining about such things is just unreasonable and laziness on the operator side: don't want scans, then setup proper firewall rules. Done.
Just a "food for thought": how does one distinguishes between slow port scan (as is possible with for example nmap) and actual connection attempts?
Regards
Quoting myself:
> I've had an ongoing debate with a hosting service over a fresh exit
> node being abused for network scans (ports 80 and 443) almost hourly
> for the last few days.
I had the former exit node unlocked an ran it in relay mode for a day.
Today I switched back to exit mode, and a few hours after the exit flag
was reassigned, I already received the next complaint about an outgoing
network scan. The logs sent to me clearly confirm scans taking place,
this is not about the hoster being obstinate.
Looks like I will have to shut down this particular exit for good if
I cannot find a way to prevent it from being abused as network scan
central. :-(
-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays