Hello all,

Those watchdogcyberdefense "specialists" have meanwhile publicly admitted their mistake (of course, hidden in political wording to create a different impression):
https://watchdogcyberdefense.com/2024/11/is-this-attackers-ip-spoofed/

Quote: "This experience got us thinking about the need for a swift way to identify spoofed IPs involved in attacks that create substantial backscatter traffic"


On November 8, 2024 at 4:44 PM, <tor-operator@urdn.com.ua> wrote:
gus :

> I'm writing to share that the origin of the spoofed packets has been
> identified and successfully shut down today, thanks to the assistance
> from Andrew Morris at GreyNoise and anonymous contributors.

Are you sure that it has been effectively shut down? We're still
receiving spoofed packets with IP addresses of Tor relays set as source
after this message has been posted. We've also received more "reports"
from the same newbies after this message was posted.

Our traps even see packets with the IP addresses of Tor relays that are
in the same subnet.

So far we've been able to trace this to a certain peer, we'll be
monitoring.
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org