On Sun, Nov 10, 2024 at 03:15:59AM -0000, tor-operator@urdn.com.ua wrote:
> I can confirm that the attack has not stopped and that we continue to monitor spoofed packets with Tor relays' IP addresses, including the addresses of relays that are on our network.
> This continues to trigger the sending of reports from the same amateurs.

Hi! Can you send me (off-list) the details of what you are seeing?
I see several possible scenarios:
(1) The attack stopped in some places but not in others. Or more specifically, some addresses are no longer being targeted but others still are.
(2) The attackers moved to some new host and started up the attack again, but only to some addresses. Or, some new attacker heard about all the excitement and decided to give it a go.
(3) You are misreading your packets and actually it is more benign than you think or otherwise we can find an expected explanation for what you are seeing.
#1 seems unlikely. #2 is definitely possible and we should look for evidence that it has happened, so we can pull in our friends and allies to do their work again. I am hoping for #3. :)
Thanks,
--Roger