[tor-relays] Abuses for non-exit relay

Roger Dingledine arma at mit.edu
Sun Apr 8 15:46:15 UTC 2018


On Sun, Apr 08, 2018 at 12:23:32PM +0200, Felix wrote:
> Since November my ISP and I received a hand full of abuses for a
> non-exit. It is about scanning ports and addresses of a certain let's
> say victim ISP. I received one other abuse with another server.
> 
> For now I kindly want to ask if some operator received similar abuses
> for non-exits ? [1]

Yes, I get periodic abuse complaints to moria1 (my directory authority).

People complain that I connect to them over and over for weeks or months,
doing port scans.

What's really happening is that they are connecting to me -- meaning they
are running a Tor client -- and they are using some confusing firewall
tool that makes them misunderstanding what's going on.

Once we collect enough tcpdump style logs from them, it becomes clear
that they are seeing the "syn ack" from my computer, and since their
outgoing connections to my relay use a fresh (high-numbered) port each
time, they think it is port scanning.

They never connect my computer with Tor in their minds. They just run
a firewall tool and send complaints to the places they see in its logs.

--Roger



More information about the tor-relays mailing list