Re: Update: Tor relays source IPs spoofed to mass-scan port 22

Hello all,

those watchdogcyberdefense "specialists" have meanwhile publicly admitted their mistake (of course, hidden in a political wording to create a different impression):
https://watchdogcyberdefense.com/2024/11/is-this-attackers-ip-spoofed/

Quote: "This experience got us thinking about the need for a swift way to identify spoofed IPs involved in attacks that create substantial backscatter traffic"

On November 8, 2024 at 4:44 PM, <tor-operator@urdn.com.ua> wrote:

> gus:
>> I'm writing to share that the origin of the spoofed packets has been
>> identified and successfully shut down today, thanks to the assistance
>> from Andrew Morris at GreyNoise and anonymous contributors.
>
> Are you sure that it has been effectively shut down? We're still receiving spoofed packets with IP addresses of Tor relays set as source after this message has been posted. We've also received more "reports" from the same newbies after this message was posted. Our traps even see packets with the IP addresses of Tor relays that are in the same subnet. So far we've been able to trace this to a certain peer, we'll be monitoring.
participants (1)
-
Carlo P.