[tor-relays] abuse email for non-exit relay (masergy)
teor
teor2345 at gmail.com
Thu Sep 21 23:19:19 UTC 2017
> On 22 Sep 2017, at 08:49, relay 000 <relay0 at mailbox.org> wrote:
>
> FYI, I got this email for a non-exit relay - please share if you get them as well:
>
> ...
>
> You have a system on your network that is actively scanning and/or attacking external sites on the Internet. This can come from many sources and because it is often difficult to detect this activity, we are sending this E-mail in an attempt to help you solve the problem.
>
> We have detected your system with an IP of, <relay-IP>, scanning a client we monitor. This was not a short attack but a prolonged scan and/or probe that was designed to find and intrude into the target network.
There are two ways this can happen:
Someone set up a tor relay on the "client", and your relay connected
to it.
Someone is using the hidden service rendezvous protocol to ask non-exit
relays to scan non-tor IP addresses. Specifying a remote address is a
feature of the protocol. We have mitigations in place in newer tor
relay versions to stop scanning of local addresses, and to provide
limited information to the scanning client.
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170922/235485c7/attachment.sig>
More information about the tor-relays
mailing list