Fwd: EZZI.net Abuse Warning

Michael Holstein michael.holstein at csuohio.edu
Wed Jan 24 15:35:52 UTC 2007


Here's the "boiler plate" I use for such things (137.148.5.13 was 
previously the exit-node router "csutor"). You should obviously 
's/137.148.5.13/your.ip.address/g':

--snip--

137.148.5.13 is an anonymous proxy that's part of the TOR network. You
can learn more about TOR at http://tor.eff.org.

We are unable to assist you in tracing the source of this attack, but it
did not originate from us -- TOR requires all traffic traverse three
"onion routers" in physically separate locations -- 137.148.5.13 just
happened to be the "exit node" for this particular session.

You're welcome to block 137.148.5.13 as you see fit. There are also
several free sites that assist in dynamic (DNSBL) blocking of TOR if you
so desire -- one is http://www.ahbl.org. TOR developers also make
available a Python script : http://tor.eff.org/cvs/tor/contrib/exitlist
which can obtain the IP addresses of all TOR exit nodes, given a copy of
the current directory : http://belegost.mit.edu/

Please let me know if I can be of further assistance.

Regards,

Michael Holstein CISSP GCIA
IS&T Information Security
Cleveland State University


xiando wrote:
> Subject: EZZI.net Abuse Warning
> Date: Tuesday 23 januar 2007 22:39
> From: abuse at ezzi.net
> To: xiando at xiando.com
> 
> xiando at xiando.com
> 
> Regarding Server Main IP: 66.199.236.130
> 
> We got a notice from the Undernet IRC Network about a number of servers on
>  our network making suspicious connections to their network, your server
>  appears to be one of those boxes. It appears whoever caused this hacked the
>  servers by brute forcing SSH logins and uploading a fake httpd binary and
>  launching it.
> 
> Please look into this matter immediately, if you need help feel free to open
>  a trouble ticket. It is also suggested you check your server's password
>  policy and make sure your passwords are secure. We suggest at least 6
>  characters, uppercase and lowercase letters and numbers.
> 
> We thank you in advance for your swift cooperation in this important matter.
> 
> 
> Thank you,
> EZZI.net Support Team
> 
> -------------------------------------------------------
> 
> I got multiple copies of this (I have more than one Tor exit server).
> 
> There are - apparently - bad people on the Internet (no shit). It is likely 
> the first time EZZI.net has got a (very much likely) Tor-related abuse 
> complaint. 
> 
> Please share any view on how to respond to EZZI.net about some person on the 
> Internet hacking some box on the Internet using Tor (which seems to be why 
> EZZI.net wants me to explain myself).
> 
> Thanks.
> 
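
The DNSBL check mentioned in the boilerplate, applied to the kind of SSH brute-force traffic the forwarded notice describes, as an added example that is not part of the original message or of the Tor project's exitlist script. The zone name, the log lines and the stand-in resolver are constructed for illustration; a real lookup would use the zone published by whichever list you choose.

```python
import ipaddress
import re
import socket

ZONE = "tor.dnsbl.example"  # placeholder zone (assumption), not a real list
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")

def dnsbl_query_name(ip, zone=ZONE):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def dnsbl_listed(ip, zone=ZONE, resolve=socket.gethostbyname):
    """True if the list answers with an A record inside 127.0.0.0/8.

    NXDOMAIN means "not listed". An answer outside 127.0.0.0/8 (for
    example from a wildcarding resolver) is also treated as not listed.
    Note that lookup failures fail open here.
    """
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_query_name(ip, zone)))
    except (socket.gaierror, ValueError):
        return False
    return answer in LISTED_RANGE

def failed_logins_by_source(log_lines, zone=ZONE, resolve=socket.gethostbyname):
    """Map source IP -> (failed SSH logins, listed as Tor exit?)."""
    counts = {}
    for line in log_lines:
        match = FAILED_LOGIN.search(line)
        if match:
            counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return {ip: (n, dnsbl_listed(ip, zone, resolve)) for ip, n in counts.items()}

# Constructed sshd log lines; 192.0.2.10 is a documentation address.
SAMPLE_LOG = [
    "Jan 23 22:01:07 host sshd[4121]: Failed password for root from 137.148.5.13 port 40022 ssh2",
    "Jan 23 22:01:09 host sshd[4123]: Failed password for invalid user admin from 137.148.5.13 port 40031 ssh2",
    "Jan 23 22:02:44 host sshd[4130]: Failed password for root from 192.0.2.10 port 51515 ssh2",
    "Jan 23 22:03:00 host sshd[4131]: Accepted publickey for ops from 192.0.2.20 port 50000 ssh2",
]

def fake_resolve(name):
    """Offline stand-in for DNS: only the page's former exit node is listed."""
    if name == "13.5.148.137." + ZONE:
        return "127.0.0.2"
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    print(failed_logins_by_source(SAMPLE_LOG, resolve=fake_resolve))
```

Because a failed or timed-out lookup is reported as "not listed", use this result to annotate or prioritise abuse reports rather than as the only gate in front of a service.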


