[tor-relays] privoxy, port 8118 scans

Mateusz Błaszczyk blahu77 at gmail.com
Sun Jan 19 15:38:19 UTC 2014


Hey

I am wondering if this is a coincidence, but since I started the Tor relay, I see a lot of TCP/8118 connection attempts on my relay's external IP.

I ran the offending source IPs (aggregated to /24s) through Cymru's ip-to-asn decoder, and here are the results for today only:


Bulk mode; whois.cymru.com [2014-01-19 15:16:19 +0000]
15003   | 108.177.181.0    | 108.177.180.0/22    | US | arin     | 2012-03-15 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 142.91.245.0     | 142.91.240.0/21     | US | arin     | 2012-06-08 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 172.240.255.0    | 172.240.0.0/16      | US | arin     | 2013-04-08 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.208.16.0     | 173.208.16.0/21     | US | arin     | 2009-12-17 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.208.57.0     | 173.208.56.0/22     | US | arin     | 2009-12-17 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.208.85.0     | 173.208.80.0/21     | US | arin     | 2009-12-17 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.12.0     | 173.234.12.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.153.0    | 173.234.152.0/22    | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.235.0    | 173.234.232.0/22    | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.247.0    | 173.234.244.0/22    | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.33.0     | 173.234.32.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.41.0     | 173.234.40.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 173.234.60.0     | 173.234.56.0/21     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 23.19.130.0      | 23.19.128.0/22      | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 23.19.50.0       | 23.19.50.0/23       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 23.19.54.0       | 23.19.52.0/22       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 23.19.67.0       | 23.19.64.0/20       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 23.19.75.0       | 23.19.64.0/20       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 23.19.89.0       | 23.19.88.0/21       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC
15003   | 70.32.43.0       | 70.32.43.0/24       | US | arin     | 2008-07-25 | NOBIS-TECH - Nobis Technology Group, LLC
18450   | 173.231.54.0     | 173.231.0.0/18      | US | arin     | 2010-03-19 | WEBNX - WebNX, Inc.
20248   | 74.82.191.0      | 74.82.176.0/20      | US | arin     | 2010-01-26 | TAKE2 - Take 2 Hosting, Inc.
40676   | 216.24.204.0     | 216.24.192.0/20     | US | arin     | 2010-10-14 | AS40676 - Psychz Networks
46475   | 192.169.84.0     | 192.169.80.0/20     | US | arin     | 2012-11-02 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 192.169.86.0     | 192.169.80.0/20     | US | arin     | 2012-11-02 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 208.115.203.0    | 208.115.192.0/18    | US | arin     | 2010-01-06 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 208.115.228.0    | 208.115.192.0/18    | US | arin     | 2010-01-06 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 216.245.222.0    | 216.245.192.0/19    | US | arin     | 2008-01-28 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 63.143.33.0      | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 63.143.36.0      | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 63.143.52.0      | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 64.31.43.0       | 64.31.0.0/18        | US | arin     | 2010-12-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 69.162.116.0     | 69.162.64.0/18      | US | arin     | 2008-06-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 69.162.74.0      | 69.162.64.0/18      | US | arin     | 2008-06-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 74.63.226.0      | 74.63.192.0/18      | US | arin     | 2008-08-29 | LIMESTONENETWORKS - Limestone Networks, Inc.
46475   | 74.63.249.0      | 74.63.192.0/18      | US | arin     | 2008-08-29 | LIMESTONENETWORKS - Limestone Networks, Inc.

There were almost 200k SYN packets sent over the last 15h from 228 unique IP addresses.

Would that be part of the Tor project?
I have never run Privoxy on my network and I am not really sure what the relation between Tor and Privoxy is.
Can somebody shine some light on that?



[0] https://www.team-cymru.org/Services/ip-to-asn.html

Thanks,
-mateusz
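
The triage described in the message (aggregate the scanning sources to /24s, look them up in bulk at Team Cymru, see which networks account for the traffic) can be scripted. This is an added example, not part of the original post: the iptables-style log format, the host addresses and the function names are assumptions, and the lookup reply is parsed from an embedded sample instead of being fetched.

```python
import ipaddress
import re
from collections import Counter

# Constructed iptables-style log lines; host octets and the destination are invented.
SAMPLE_LOG = """\
Jan 19 15:01:02 relay kernel: IN=eth0 SRC=173.234.12.5 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=8118 SYN
Jan 19 15:01:02 relay kernel: IN=eth0 SRC=173.234.12.77 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=8118 SYN
Jan 19 15:01:03 relay kernel: IN=eth0 SRC=63.143.33.9 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=8118 SYN
Jan 19 15:01:04 relay kernel: IN=eth0 SRC=63.143.33.9 DST=203.0.113.10 PROTO=TCP SPT=51001 DPT=9001 SYN
"""

# Banner and two rows copied from the bulk output quoted in the post.
SAMPLE_REPLY = """\
Bulk mode; whois.cymru.com [2014-01-19 15:16:19 +0000]
15003   | 173.234.12.0     | 173.234.12.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC
46475   | 63.143.33.0      | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc.
"""

LOG_RE = re.compile(r"SRC=(\S+) .*\bDPT=(\d+)\b.*\bSYN\b")

def syn_counts_by_24(log_text, port=8118):
    """Count SYNs to `port` per source /24 (network address as key)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and int(m.group(2)) == port:
            net = ipaddress.ip_network(m.group(1) + "/24", strict=False)
            counts[str(net.network_address)] += 1
    return counts

def bulk_query(addresses):
    """Text to send to whois.cymru.com port 43 for a verbose bulk lookup."""
    return "begin\nverbose\n" + "\n".join(sorted(addresses)) + "\nend\n"

def parse_reply(reply_text):
    """Parse pipe-delimited rows into dicts, skipping the banner line."""
    keys = ("asn", "ip", "prefix", "cc", "registry", "allocated", "as_name")
    split = ([f.strip() for f in l.split("|")] for l in reply_text.splitlines())
    return [dict(zip(keys, f)) for f in split if len(f) == len(keys)]

def syns_per_asn(counts, rows):
    """Join per-/24 SYN counts with the ASN each /24 maps to."""
    asn_of = {r["ip"]: (r["asn"], r["as_name"]) for r in rows}
    totals = Counter()
    for net, n in counts.items():
        totals[asn_of.get(net, ("NA", "unmapped"))] += n
    return totals
```

Summing SYNs per ASN shows whether the probes are spread across the Internet or concentrated in a few hosting networks, which is the more useful basis for a firewall rule or an abuse report than individual addresses.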