On Sun, Apr 08, 2018 at 12:23:32PM +0200, Felix wrote:
Since November my ISP and I received a hand full of abuses for a non-exit. It is about scanning ports and addresses of a certain let's say victim ISP. I received one other abuse with another server.
For now I kindly want to ask if some operator received similar abuses for non-exits ? [1]
Yes, I get periodic abuse complaints to moria1 (my directory authority).
People complain that I connect to them over and over for weeks or months, doing port scans.
What's really happening is that they are connecting to me -- meaning they are running a Tor client -- and they are using some confusing firewall tool that makes them misunderstanding what's going on.
Once we collect enough tcpdump style logs from them, it becomes clear that they are seeing the "syn ack" from my computer, and since their outgoing connections to my relay use a fresh (high-numbered) port each time, they think it is port scanning.
They never connect my computer with Tor in their minds. They just run a firewall tool and send complaints to the places they see in its logs.
--Roger