[tor-relays] Again: abuse email for non-exit relay (masergy)

gerard at bulger.co.uk gerard at bulger.co.uk
Sun May 3 21:15:21 UTC 2020


That is really unhelpful of them to state Type of Attack/Scan: Generic  Hosts: 10.10.10.182, which is a non-routable address. Something on their LAN is wrong. You cannot even respond by blocking their actual WAN IP in torrc.

Ask for the real WAN IP of their network so you can block the attack.

-----Original Message-----
From: tor-relays <tor-relays-bounces at lists.torproject.org> On Behalf Of lists at for-privacy.net
Sent: 03 May 2020 21:16
To: tor-relays at lists.torproject.org
Subject: [tor-relays] Again: abuse email for non-exit relay (masergy)

Hi,

Got multiple abuse emails in the last 2 weeks.

2 relays with 2 IPs run on the server. Someone is always hammering my OR port on one IP (37.157.255.118:9002).
https://metrics.torproject.org/rs.html#details/BD2A34ADE4E603A272FAAD23AEF389801BB223BB
https://metrics.torproject.org/rs.html#details/8EE44717FA55705C12086F3ECD1F8D9C8676FD05


What can I do?

Found that in the archive:
https://lists.torproject.org/pipermail/tor-relays/2017-September/013030.html


the 5th complaint:
##############################################################################################################

To Whom it May Concern,

You have a system on your network that is actively scanning and/or 
attacking external sites on the Internet.  This can come from many 
sources and because it is often difficult to detect this activity, we 
are sending this E-mail in an attempt to help you solve the problem.

We have detected your system with an IP of, 37.157.255.118, scanning a 
client we monitor.  This was not a short attack but a prolonged scan 
and/or probe that was designed to find and intrude into the target 
network.

This may be someone on your network who is actively trying to hack 
others. This person may be a legitimate user on your network or it may 
be that this system has been compromised and is being used by someone to 
hack others. It is also likely that the system is running automated 
tools that have been installed to perform these actions without any 
human intervention.

Below is the information about the attack.  Keep in mind that the source 
IP of our client has been sanitized for anonymity.

Date: 04/30/2020
Time: 11:05:37
Time Zone: America/Chicago
Source(s): 37.157.255.118
Type of Attack/Scan: Generic
Hosts: 10.10.10.182
Log:

37.157.255.118:9002 > 10.10.10.182:24562

Possible Cause:


Thank you for your attention to this matter,

Masergy
email: esp at masergy.com

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
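
Added example, not part of either message above: a small Python check over the flow line quoted in the complaint. It flags a target address that is not publicly routable and a source port equal to the relay's ORPort, which is what replies to inbound connections look like. The function name triage and the sample text are constructed for illustration; the relay IP and port are the ones stated in the thread.

```python
import ipaddress
import re

# Constructed sample: the fields quoted in the complaint above.
REPORT = """\
Source(s): 37.157.255.118
Type of Attack/Scan: Generic
Hosts: 10.10.10.182
Log:

37.157.255.118:9002 > 10.10.10.182:24562
"""

# Matches "src_ip:src_port > dst_ip:dst_port" (IPv4 only).
FLOW = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+)\s*>\s*(\d+\.\d+\.\d+\.\d+):(\d+)$")


def triage(report, relay_ip, or_port):
    """Return one finding per IPv4 flow line found in an abuse report."""
    relay = ipaddress.ip_address(relay_ip)
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = FLOW.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # an octet was out of range, not a real address
        notes = []
        if dst.is_private:
            # RFC 1918 and similar ranges: the reported target cannot be
            # identified or blocked from the relay operator's side.
            notes.append("target-not-routable")
        if src == relay and int(m.group(2)) == or_port:
            # Packets leaving the relay's listening port are replies to a
            # connection that was opened towards the relay.
            notes.append("source-port-is-orport")
        findings.append({"flow": line, "notes": notes})
    return findings


if __name__ == "__main__":
    for finding in triage(REPORT, "37.157.255.118", 9002):
        print(finding["flow"], finding["notes"])
```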