[tor-relays] too many abuse reports

Mike Perry mikeperry at torproject.org
Wed May 23 04:18:16 UTC 2012


Thus spake Jon (torance.ca at gmail.com):

> On Tue, May 22, 2012 at 3:17 PM, Mike Perry <mikeperry at torproject.org>wrote:
> 
> > > On Tue, 22 May 2012 13:29:54 -0500
> > > Jon <torance.ca at gmail.com> allegedly wrote:
> > >
> > > > Yep same here, got notice today from ISP on a report of the 20th for
> > > > alledged hacking with someone using sqlmap. the reporting ip was a
> > > > brazilian gov ip address.
> > > >
> > > > I just blocked the port and kept on serving....
> >
> > As of yet, no one has mentioned the port. Out of curiosity, is it
> > included in the Reduced Exit Policy?
> > https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> >
> >  The port was 57734 - of course that doesn't mean another port could be
> used

Are you sure that's not the source port (which is randomized) for the
incident? This is a weird destination port.

If so, simply switching to the Reduced Exit Policy (or adding a reject
line for *:57734) would prevent the attack from using your exit. No need
to stop exiting entirely.


-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120522/e588ebb6/attachment.pgp>


More information about the tor-relays mailing list