[tor-bugs] #2964 [Tor Relay]: Tor network scanning?

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Apr 20 18:47:26 UTC 2011 

#2964: Tor network scanning?
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:                    
     Type:  defect       |         Status:  new               
 Priority:  normal       |      Milestone:  Tor: 0.2.1.x-final
Component:  Tor Relay    |        Version:  Tor: 0.2.1.26     
 Keywords:               |         Parent:                    
   Points:               |   Actualpoints:                    
-------------------------+--------------------------------------------------
 Running TBB relay, Tor 0.2.1.30 on Windows 7. I have changed my old router
 to a more modern firewall with NAT, SPI, DoS-prevention, UPnP and QOS. Has
 automatically configured port forward successfully. I do not mirror relay
 directory. Tor message log showing “warning eventdns: all nameservers have
 failed” and “notice eventdns: nameserver …. is backup” during start.
 Firewall log below. Tor is working, but has Tor gone crazy port scanning
 (ACK,SYN,FIN,UDP) the network?

 Apr 20 19:28:33         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 20 19:21:02         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 20 19:20:30         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 20 19:15:21         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 20 19:10:31         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 20 19:04:29         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 20 19:04:20         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 20 19:04:17         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 20 18:59:20         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 20 18:53:08         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 …..
 Apr 19 19:38:56         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [SYN Scan]
 Apr 19 19:38:51         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 19 19:37:52         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 19 19:25:08         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 19 19:25:00         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 19 19:24:11         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [FIN Scan]
 Apr 19 19:17:33         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 19 19:14:04         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 19 19:12:29         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]
 Apr 19 19:07:51         DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0
 [ACK Scan]

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2964>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list