[tor-relays] External connections to port 9050
Greg W
allrightname at gmail.com
Fri Feb 28 15:22:10 UTC 2014
Roger,
You've confirmed my thoughts. I suspected that some people were bulk
scanning relays/exits looking for open proxies too which is why I was
curious if any other operators were seeing this. Thus far today I've got
175,000 connection attempts from 220 distinct IP addresses. I think I'll be
sending some abuse emails and writing a new fail2ban rule!
Thanks,
Greg
On Thu, Feb 27, 2014 at 8:40 PM, Roger Dingledine <arma at mit.edu> wrote:
> On Thu, Feb 27, 2014 at 11:39:55PM +0100, Jeroen Massar wrote:
> > On 2014-02-27 23:12, Greg W wrote:
> > > I turned on some logging on my firewall today to help troubleshoot and
> > > issue and noticed a load of connections from external addresses to port
> > > 9050 on my exit node. I don't think that should be publicly accessible.
> > > Am I wrong about it being publicly accessible and does anyone else see
> > > lots of connection attempts on that port?
> >
> > 9050 is the standard relay port, as other relays connect to your relay
> > (and then, likely, exit), it is quite logical that you see those
> > connections.
>
> No, 9001 is the standard relay port. 9050 is the standard socks port.
>
> Greg, try connecting to 9050 from outside your firewall, and see what
> happens?
>
> I think what you might be seeing is that some folks who sell lists of
> open proxies have decided to scan Tor relays on port 9050, just in case
> they left it open.
>
> --Roger
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140228/91ae398b/attachment.html>
More information about the tor-relays
mailing list