[tor-relays] More attack traffic against Tor detected on exit relay
Philipp Winter
phw at nymity.ch
Fri Aug 1 18:04:37 UTC 2014
On Fri, Aug 01, 2014 at 01:42:32PM -0400, tor at t-3.net wrote:
> IPTables rule involved:
>
> -A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|"
> --algo kmp -j LOG --log-prefix "IPTables-GFC-new "
> -A INPUT -p tcp -m string --hex-string "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|"
> --algo kmp -j DROP
You probably found these iptables rules in a blog post [0]. Note that
this is not "attack" traffic. Most likely, these are automated probes
from China whose purpose is to verify that your Tor relay is, in fact, a
Tor relay and it's safe to block it.
[0] https://idea.popcount.org/2013-07-11-fun-with-the-great-firewall/
Cheers,
Philipp
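Added example, not part of the original message or of the linked blog post: a Python decoder for the hex pattern in the quoted iptables rules, showing which fields the string match keys on. It assumes the bytes are the tail of a TLS ClientHello beginning at the session ID length field; the function name `parse_clienthello_tail` is hypothetical.

```python
import struct

# Hex pattern copied from the quoted iptables rules above.
SIGNATURE = bytes.fromhex(
    "00002800390038008800870035008400160013000a00330032009a0099"
    "00450044002f00960041000500ff020100000400230000"
)

def parse_clienthello_tail(buf):
    """Decode session_id, cipher_suites, compression_methods and extensions.

    Assumption: buf starts at the ClientHello session_id length byte.
    Raises ValueError if a length field runs past the end of the buffer.
    """
    off = 0

    def take(n):
        nonlocal off
        if off + n > len(buf):
            raise ValueError("truncated at offset %d" % off)
        chunk = buf[off:off + n]
        off += n
        return chunk

    session_id = take(take(1)[0])                    # 1-byte length prefix
    (cs_len,) = struct.unpack("!H", take(2))         # 2-byte length prefix
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    raw = take(cs_len)
    suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, cs_len, 2)]
    compression = list(take(take(1)[0]))             # 1-byte length prefix
    (ext_total,) = struct.unpack("!H", take(2))
    ext_buf = take(ext_total)
    if off != len(buf):
        raise ValueError("trailing bytes after extensions")

    extensions, i = [], 0
    while i < len(ext_buf):
        if i + 4 > len(ext_buf):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack("!HH", ext_buf[i:i + 4])
        if i + 4 + elen > len(ext_buf):
            raise ValueError("truncated extension body")
        extensions.append((etype, ext_buf[i + 4:i + 4 + elen]))
        i += 4 + elen
    return {"session_id": session_id, "cipher_suites": suites,
            "compression": compression, "extensions": extensions}

if __name__ == "__main__":
    fields = parse_clienthello_tail(SIGNATURE)
    print("cipher suites:", ["0x%04x" % s for s in fields["cipher_suites"]])
    print("compression:", fields["compression"], "extensions:", fields["extensions"])
```

Read this way, the pattern is an empty session ID, 20 cipher suites ending in 0x00ff (the renegotiation SCSV), compression methods 1 and 0, and a single empty extension of type 0x0023 (SessionTicket). The rule matches only when all 52 bytes appear contiguously in a single packet.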