[tor-relays] Exit relays abused to attack Google services

Pascal Terjan pterjan at gmail.com
Wed Feb 2 15:56:26 UTC 2022

On Wed, 2 Feb 2022 at 11:05, UDN Tor via tor-relays <
tor-relays at lists.torproject.org> wrote:

> > Note we believe some of these IPs are part of the Meris or Dvinis
> > botnets.  If you are a residential Internet service provider, it is
> > possible that your customers' routers themselves have been
> > compromised.  You should research the Meris botnet and take
> > appropriate actions to have them secure their CPE (customer-premises
> > equipment).

This is probably the main reason those reports are being sent.
Meris is a huge botnet using (at least) tens of thousands of compromised

Those notices were probably sent automatically to many ISPs hoping some of
them would get their customers to fix their routers, and tor exits were
probably just not filtered.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220202/6bdbd46d/attachment.htm>

More information about the tor-relays mailing list