[tor-relays] SSH scans from Tor exit

Michael Wolf mikewolf at riseup.net
Tue Apr 29 03:23:19 UTC 2014

On 4/28/2014 10:04 PM, Zack Weinberg wrote:
> For what it's worth, after complaints from campus IT we also wound up
> blocking SSH in the CMU Tor exit's policy.  It's a shame we can't help
> people do sysadmin stuff and whatnot anonymously, but the port scans
> do seem to happen quite often.
> zw

The silly thing is that port scans happen hundreds of times per day to
every internet-connected device, and Tor isn't involved in the vast
majority of it.  Not a single server on the 'net is made more secure by
an exit node blocking a port.  Will they request that port 80 be blocked
because of the SQL injection and Wordpress vulnerability scans?  Or that
IMAP and FTP ports be blocked for attempts to brute force logins?  Any
open port has the potential for abuse -- blocking ports doesn't seem
like a very well thought-out response to the issue.

The time people spend complaining to exit node operators would be much
better spent performing any number of simple changes that would
/actually/ improve security for the server(s).  I  think if a server is
so threatened by a port scan that it invokes a human response, that
server probably shouldn't be online.


-- Mike

More information about the tor-relays mailing list