[tor-relays] Exit relays abused to attack Google services

Pascal Terjan pterjan at gmail.com
Wed Feb 2 15:56:26 UTC 2022


On Wed, 2 Feb 2022 at 11:05, UDN Tor via tor-relays <
tor-relays at lists.torproject.org> wrote:

>
> > Note we believe some of these IPs are part of the Meris or Dvinis
> > botnets.  If you are a residential Internet service provider, it is
> > possible that your customers' routers themselves have been
> > compromised.  You should research the Meris botnet and take
> > appropriate actions to have them secure their CPE (customer-premises
> > equipment).
>

This is probably the main reason those reports are being sent.
Meris is a huge botnet using (at least) tens of thousands of compromised
routers.
https://www.bleepingcomputer.com/news/security/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack/

Those notices were probably sent automatically to many ISPs hoping some of
them would get their customers to fix their routers, and tor exits were
probably just not filtered.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220202/6bdbd46d/attachment.htm>


More information about the tor-relays mailing list