[tor-relays] More attack traffic against Tor detected on exit relay

tor at t-3.net
Fri Aug 1 17:42:32 UTC 2014


IPTables rules involved:

-A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j LOG --log-prefix "IPTables-GFC-new "
-A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" --algo kmp -j DROP


Logs generated Wednesday from hits against these rules:

Jul 30 13:44:38 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=1.50.250.198 DST=64.113.44.206 LEN=147 TOS=0x08 PREC=0x20 TTL=44 ID=21838 DF PROTO=TCP SPT=13717 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0

Jul 30 13:44:59 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=175.152.3.46 DST=64.113.44.206 LEN=147 TOS=0x00 PREC=0x00 TTL=50 ID=21839 DF PROTO=TCP SPT=49229 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0

Jul 30 13:45:41 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=124.90.49.99 DST=64.113.44.206 LEN=147 TOS=0x00 PREC=0x00 TTL=49 ID=21840 DF PROTO=TCP SPT=10200 DPT=9001 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0
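What the --hex-string pattern in the rules above actually matches, and what the LOG lines it produces contain, worked through in Python. This is an added example, not code from the original post or from the Tor project. My reading of the 52 bytes as the tail of a TLS ClientHello (an empty session_id length, a 40-byte list of 20 cipher suites, two compression methods, and a single SessionTicket extension) is an inference from their layout; the post itself does not say what the bytes are. PROBE_PACKET is a constructed packet (fake record and handshake framing around the signature bytes) built only to run the match against, and SAMPLE_LOGS are the three log lines from the post, each joined back onto a single line.

```python
import re

# Bytes from the rule's --hex-string argument (the "|...|" form), copied from the post.
SIGNATURE = bytes.fromhex(
    "00002800390038008800870035008400160013000a00330032009a0099"
    "00450044002f00960041000500ff020100000400230000"
)

# IANA names for the 20 cipher suite codes that appear in the pattern.
CIPHER_NAMES = {
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0087: "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA", 0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 0x009A: "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
    0x0099: "TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0045: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0044: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0096: "TLS_RSA_WITH_SEED_CBC_SHA", 0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def decode_signature(sig: bytes) -> dict:
    """Read sig as the tail of a TLS ClientHello (an assumption, see the lead-in):
    session_id_length(1) | cipher_suites_length(2) | suites | compression_length(1) |
    methods | extensions_length(2) | extensions, each extension type(2) length(2) body."""
    if sig[0] != 0:
        raise ValueError("pattern does not start at an empty session_id")
    cs_len = int.from_bytes(sig[1:3], "big")
    if cs_len % 2 or 3 + cs_len > len(sig):
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(sig[i:i + 2], "big") for i in range(3, 3 + cs_len, 2)]
    pos = 3 + cs_len
    methods = list(sig[pos + 1:pos + 1 + sig[pos]])
    pos += 1 + sig[pos]
    ext_end = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big")
    pos, extensions = pos + 2, []
    while pos + 4 <= ext_end:
        ext_type = int.from_bytes(sig[pos:pos + 2], "big")
        body_len = int.from_bytes(sig[pos + 2:pos + 4], "big")
        extensions.append((ext_type, sig[pos + 4:pos + 4 + body_len]))
        pos += 4 + body_len
    return {"cipher_suites": suites,
            "cipher_names": [CIPHER_NAMES.get(c, "unknown_0x%04x" % c) for c in suites],
            "compression_methods": methods,  # 0x01 deflate, 0x00 null
            "extensions": extensions}        # 0x0023 is SessionTicket

def match_signature(packet: bytes) -> bool:
    """What `-m string --hex-string ... --algo kmp` decides for one packet: an exact
    substring search over the packet bytes.  bytes.find returns the same answer as
    KMP; only the search algorithm differs."""
    return SIGNATURE in packet

# Constructed packet: TLS record header (0x16, 3.1, len 0x5a), handshake header
# (ClientHello, len 0x56), version 3.1, a fixed 32-byte random, then the signature.
PROBE_PACKET = b"\x16\x03\x01\x00\x5a\x01\x00\x00\x56\x03\x01" + b"\x11" * 32 + SIGNATURE

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>\S+) (?P<rest>.*)$"
)

def parse_iptables_log(line: str) -> dict:
    """Split one kernel LOG-target line into a dict; bare tokens such as DF, ACK,
    PSH and FIN carry no value and are collected under 'flags'."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("not an iptables LOG line: %r" % line)
    rec = {"timestamp": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": []}
    for tok in m["rest"].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        else:
            rec["flags"].append(tok)
    return rec

def sources_hitting(lines, dport="9001"):
    """Distinct source addresses that hit the rule on the given destination port."""
    return sorted({r["SRC"] for r in map(parse_iptables_log, lines) if r["DPT"] == dport})

# The three log lines from the post, each joined back onto a single line.
SAMPLE_LOGS = [
    "Jul 30 13:44:38 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= "
    "MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=1.50.250.198 DST=64.113.44.206 "
    "LEN=147 TOS=0x08 PREC=0x20 TTL=44 ID=21838 DF PROTO=TCP SPT=13717 DPT=9001 "
    "WINDOW=46 RES=0x00 ACK PSH FIN URGP=0",
    "Jul 30 13:44:59 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= "
    "MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=175.152.3.46 DST=64.113.44.206 "
    "LEN=147 TOS=0x00 PREC=0x00 TTL=50 ID=21839 DF PROTO=TCP SPT=49229 DPT=9001 "
    "WINDOW=46 RES=0x00 ACK PSH FIN URGP=0",
    "Jul 30 13:45:41 Libero2-vserver kernel: IPTables-GFC-new IN=eth0 OUT= "
    "MAC=00:16:3e:21:6d:34:00:21:d8:25:c0:20:08:00 SRC=124.90.49.99 DST=64.113.44.206 "
    "LEN=147 TOS=0x00 PREC=0x00 TTL=49 ID=21840 DF PROTO=TCP SPT=10200 DPT=9001 "
    "WINDOW=46 RES=0x00 ACK PSH FIN URGP=0",
]
```

Two caveats on the rules themselves follow from this. The string match is exact and per packet: any client whose ClientHello carries exactly this suite list, compression list and lone SessionTicket extension will hit the DROP rule, not only the hosts in the log, and a ClientHello whose tail is split across two TCP segments will not hit it at all, since `-m string` does not reassemble streams. Without `--from`/`--to` the search also covers the IP and TCP headers, which is harmless here because a 52-byte pattern cannot fit inside them.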
