[tor-relays] Hits against GFC hex-string fingerprint in IPTables yesterday
tor at t-3.net
tor at t-3.net
Mon Jun 30 12:57:32 UTC 2014
Wanted to point out to the list that we got 3 hits to our "Libero2"
relay on port 9001 from chinese IP address 210.72.9.44 to a "GFC"
reject line in the relay's iptables. I think this is the first time
we've seen hits to this type of rule.
The packets were dropped via this iptables detection:
-A INPUT -p tcp -m string --hex-string
"|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|"
--algo kmp
The packets came through at approximately these times EST:
Jun 29 15:36:10
Jun 29 15:36:38
Jun 29 15:37:15
More information about the tor-relays
mailing list