[tor-relays] How to prevent netscan usage?

Roland 'ValiDOM' Jungnickel vali2015 at validom.de
Wed Nov 25 22:21:06 UTC 2015 

hi,

I'm operating a tor exit with a relatively high bandwith rate for more
than 3 years.

My ISP receives more and more abuse tickets about my server regarding
netscans. These netscans are executed with dest. port 80 so I'm not able
to block them easily.

Any idea how to prevent netscans using my exit node? Below you find an
extract of such an abuse mail.

Thanks a lot!
ValiDOM

Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41518 =>    46.20.92.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41545 =>    46.20.92.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41575 =>    46.20.92.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45219 =>    59.192.63.xx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45218 =>    59.192.63.xx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45217 =>    59.192.63.xx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 42460 =>    59.203.179.x 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 42517 =>    59.203.179.x 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 42569 =>    59.203.179.x 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 57564 =>   59.211.15.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 57596 =>   59.211.15.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 57631 =>   59.211.15.xxx 80
Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 58022 =>   59.228.86.xxx 80
Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 58046 =>   59.228.86.xxx 80
Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 58081 =>   59.228.86.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 37123 =>    64.238.74.xx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 37178 =>    64.238.74.xx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 41003 =>    65.20.53.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45785 =>  65.186.130.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45850 =>  65.186.130.xxx 80
Wed Nov 18 12:55:26 2015 TCP   88.198.14xxx 45907 =>  65.186.130.xxx 80
Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 60607 =>   66.87.185.xxx 80
Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 60611 =>   66.87.185.xxx 80
Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 60613 =>   66.87.185.xxx 80
Wed Nov 18 12:55:14 2015 TCP   88.198.14xxx 52693 =>  69.191.200.xxx 80
Wed Nov 18 12:55:14 2015 TCP   88.198.14xxx 52740 =>  69.191.200.xxx 80
Wed Nov 18 12:55:14 2015 TCP   88.198.14xxx 52783 =>  69.191.200.xxx 80
Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 35453 =>    71.54.215.xx 80
Wed Nov 18 12:55:27 2015 TCP   88.198.14xxx 35464 =>    71.54.215.xx 80
Wed Nov 18 12:55:12 2015 TCP   88.198.14xxx 39263 => 101.249.145.xxx 80
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB25EBF37.asc
Type: application/pgp-keys
Size: 5883 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151125/a1e1ef82/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151125/a1e1ef82/attachment.sig>

More information about the tor-relays mailing list