[tor-relays] Receiving abuse reports for Non-Exit Relay

Xiaoqi Chen (Danny) chenxiaoqino at gmail.com
Thu Jul 27 00:55:00 UTC 2023 

Hey John,

Perhaps one thing you can try in debugging is to run tcpdump on the server
in question, to check if it is indeed sending out a lot of port-scanning
packets. You can use the following command to filter for port 22 only. Make
sure to test with tor turned off as well.

"*sudo* *tcpdump -vv dst port 22 and host not 123.45.xx.xx*"

(Since filter for port 22 will also capture your own ongoing ssh connection
to the server, you need to fill in your own computer's public IP address
into the filter to suppress it.)

Cheers,
--
Danny

On Wed, Jul 26, 2023 at 7:07 PM John Crow via tor-relays <
tor-relays at lists.torproject.org> wrote:

> Hello all,
>
> In the past 24 hrs, I have been receiving complaints from my hosting
> provider that they're receiving hundreds of abuse reports related to port
> scanning. I have no clue why I'm all of the sudden receiving abuse reports
> when this non-exit relay has been online for months without issues. In
> addition, I have other non-exit relays hosted by the same provider with no
> issues and more across other providers.
>
> I proceeded to reinstall the OS and reconfigure Tor.  I was then quickly
> notified by my hosting provider again of more abuse reports all showing
> port 22 as target port.
>
> I have not changed my torrc at all and it's still setup as a non-exit
> relay. No other applications/services were installed alongside Tor. Tor
> Metrics does not show the relay as Exit either.
>
> It feels like Tor Exit Traffic is leaking through my non-exit relay?
>
> Has anyone else experienced any behavior similar to this? Any ideas on how
> to fix or prevent this?
>
> prsv admin
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230727/8dda8f19/attachment-0001.htm>

More information about the tor-relays mailing list