[tor-relays] Exit relay operators: a call for packets on port 8118

Aaron Hopkins lists at die.net
Mon Jul 22 17:46:57 UTC 2013


On Sun, 21 Jul 2013, rotpoison throngnet wrote:

> I am hoping that some other exit relay operators can sniff for packets to
> destination port 8118

I set up a copy of nginx returning 404s on that port.  After a few thousand
requests, here are the hostnames it is trying to hit:

    4655 ib.adnxs.com
    2193 ad.globe7.com
    1705 ads.creafi-online-media.com
    1149 ad.tagjunction.com
     767 ad.yieldmanager.com
     259 an.z5x.net
     184 ad.z5x.net
     123 ad.xertive.com
     115 ib.reachjunction.com
      80 tags1.z5x.net
      72 ad.bharatstudent.com
      71 ad.reduxmedia.com
      23 ad.smxchange.com
      18 opt.cdxndirectopt.com
      10 www.xtendadvert.com

It might be worth digging up the security contact for at least the top few
of those and giving them a heads up.

And the /24s that have sent at least 100 requests (of 811 unique IPs from 122
/24s):

These are very unlikely to have been spoofed, as they were from completed 
TCP connections.

                                     -- Aaron
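
An added example, not part of the original message and not the script used to produce its numbers: one way to build the same two tallies (requests per Host header, requests per client /24) from the access log of a listener like the one described. The log layout, the function names, the /48 grouping for IPv6 clients, and the sample lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed access-log layout (not from the post): ip "Host" "request" status
LINE_RE = re.compile(r'^(\S+) "([^"]*)" "([^"]*)" (\d{3})$')

# Constructed sample lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 "ads.example.net" "GET http://ads.example.net/tag HTTP/1.1" 404
192.0.2.77 "ads.example.net" "GET http://ads.example.net/tag HTTP/1.1" 404
192.0.2.10 "ADS.example.net:80" "GET http://ads.example.net/x HTTP/1.1" 404
198.51.100.5 "track.example.org" "GET http://track.example.org/ HTTP/1.1" 404
203.0.113.9 "-" "\\x16\\x03\\x01" 400
not a log line
"""

def normalize_host(host):
    """Lower-case a Host value and drop any :port; '-' or empty means none."""
    host = host.strip().lower()
    if host in ("", "-"):
        return None
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:80
        return host.split("]")[0] + "]"
    return host.rsplit(":", 1)[0]

def tally(lines, v4_prefix=24, v6_prefix=48):
    """Count requests per Host header and per client network."""
    hosts, nets, clients, skipped = Counter(), Counter(), set(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None:  # unparseable line or bad address: count it, move on
            skipped += 1
            continue
        clients.add(ip)
        plen = v4_prefix if ip.version == 4 else v6_prefix
        nets[str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))] += 1
        host = normalize_host(m.group(2))
        if host:
            hosts[host] += 1
    return hosts, nets, clients, skipped

def busy_networks(nets, min_requests):
    """Networks with at least min_requests requests, busiest first."""
    return [(n, c) for n, c in nets.most_common() if c >= min_requests]
```

Feeding `tally()` the lines of a real log and then calling `busy_networks(nets, 100)` applies the same "at least 100 requests" cut-off the message uses; `len(clients)` and `len(nets)` give the unique-IP and unique-network totals.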

