* Marco Moock via tor-relays:
Tell them that this traffic is intended and you run TOR.
I don't recommend doing that, because an outbound netscan is neither intended, nor might it be real to begin with. I have seen these reports crop up between ca. 2-4 times per month for guard and middle nodes. Looked like spoofed TCP traffic, which Hetzner's monitoring attributed to hosts based on IP address alone. I interpret this as an attempt of some third party to cause trouble for Tor operators aiming to stir up conflicts with the ISP. Keep in mind that while Hetzner does not prohibit Tor nodes, they do prohibit disruptive use of their infrastructure. That includes port scans. I find that the best course of action is to calmly process the automated reports within the allotted timespan, verify/confirm that your server did not in fact cause any malign traffic, and file it under "shit happens". Yes, it is annoying, but I can understand that Hetzner is trying to prevent being seen as a source of abusive behaviour. -Ralph