[tor-relays] SSH scans from Tor exit

grarpamp grarpamp at gmail.com
Wed Apr 30 20:21:14 UTC 2014

On Wed, Apr 30, 2014 at 2:14 PM, Delton Barnes <delton.barnes at mail.ru> wrote:

> I'd suggest the problem is administrators treating a Tor exit node the
> same as a compromised machine.

Sure, and it's part of the sometimes improper administrivia kneejerk
response. And the SCREAMING involved with this one certainly incites
an unbalanced response upon the less experienced/knowledgeable.

> these attacks, so administrators should have to just accept them."

The operator of agnostic midpoint carriage services / relay is different
than the ISP of the following two machines, and different than the
targeted machine, or the attacking machine. Each has different rules
of play available to them, with the midpoint carrier likely having least
duty among them to do anything. It's not as if blocking exit:22 to the
reporter's machine is going to do anything useful on their end given
the rest of the internet they're open to, but if you want to appease them
and your upstream, feel free. I wouldn't, but to each their own relay policy :)
