[tor-relays] Tor exit nodes attacking SSH?
Roger Dingledine
arma at mit.edu
Wed Aug 9 06:41:34 UTC 2017
On Wed, Aug 09, 2017 at 10:58:01AM +0500, Roman Mamedov wrote:
> > No, dropbear is an SSH server that 8.8.8.8 seems to be running.
>
> Did you try ssh'ing into 8.8.8.8 (outside of Tor)? It does not run a public
> SSH server at all (obviously).
>
> The point was to demonstrate that the exit node intercepts port 22 connections
> to any IP, and redirects them to the same particular instance of dropbear.
Right -- it seems clear that there is some exit relay out there that is
handling requests for 8.8.8.8:22 (and probably *:22) poorly. If somebody
can tell us which one it is, we'll get rid of it.
(Several groups who run scanners for this sort of thing will hopefully
pick this thread up in the next day or so and we can resolve it then.)
--Roger
More information about the tor-relays
mailing list