[tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed Mar 9 08:20:03 UTC 2011


On 3/9/11 3:35 AM, Robert Ransom wrote:
> Why do you consider a portscan to be an attempt to gain unauthorized
> access to your computer?

The management of the portscan is really a pain; I got my server on
Hetzner.de disconnected again due to a portscan getting out from my TOR
exit node.

They are listed among the "Friendly" good ISPs for TOR, but you take less
than 12 hours to manage a portscan ticket they will just cut off your
server and you have to go through a written and hand-signed declaration
to be sent via digitalized PDF or fax.

We *really* need to find a technical way to be able to detect and block
outgoing portscans from the TOR exit nodes.

Below is an example of the report I got from Hetzner about a portscan getting
out from my TOR exit node:


##########################################################################
#               Netscan detected from host   88.198.109.35               #
##########################################################################

time                protocol src_ip src_port          dest_ip dest_port
---------------------------------------------------------------------------


More information about the tor-relays mailing list
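
An added example, not part of the original post or of Tor: a parser for rows in the netscan report format shown above, plus a check for the pattern such a report describes (one source reaching many distinct destinations on a single port within seconds). The function names, the 5-second window, the 10-target threshold and the sample rows (documentation address ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Row format of the provider's netscan report quoted in the post:
#   <timestamp> <proto> <src_ip> <src_port> => <dest_ip> <dest_port>
ROW = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+=>\s+(?P<dst>[\d.]+)\s+(?P<dport>\d+)\s*$"
)

def parse_rows(text):
    """Yield (time, src_ip, dest_ip, dest_port) for each well-formed row;
    banner, header and separator lines do not match and are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["src"], m["dst"], int(m["dport"])

def find_horizontal_scans(rows, window_s=5, min_targets=10):
    """Return {(src_ip, dest_port): peak distinct destinations} for every pair
    that reaches >= min_targets distinct hosts inside a window_s-second span."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in rows:
        by_key[(src, dport)].append((ts, dst))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                alerts[key] = max(alerts.get(key, 0), len(targets))
    return alerts

# Constructed sample (documentation address ranges, not data from the report):
# 12 hosts hit on port 443 within two seconds, then repeated connections to a
# single host on port 80 (not a scan), then a header line that must be ignored.
SAMPLE = "\n".join(
    [f"Tue Mar  8 17:36:{29 + i % 2} 2011 TCP   192.0.2.10 {40000 + i} =>"
     f"   198.51.100.{i + 1} 443" for i in range(12)]
    + [f"Tue Mar  8 17:4{i}:00 2011 TCP   192.0.2.10 {50000 + i} =>"
       f"   203.0.113.5 80" for i in range(5)]
    + ["time                protocol src_ip src_port          dest_ip dest_port"]
)

if __name__ == "__main__":
    print(find_horizontal_scans(parse_rows(SAMPLE)))
```

Counting distinct destinations rather than raw connections is what keeps the repeated port-80 traffic to one host from being flagged.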