[tor-relays] External connections to port 9050

2014-02-27 Thread Greg W
I turned on some logging on my firewall today to help troubleshoot an
issue and noticed a load of connections from external addresses to port
9050 on my exit node. I don't think that should be publicly accessible. Am
I wrong about it being publicly accessible and does anyone else see lots of
connection attempts on that port?

Thanks,
Greg
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] External connections to port 9050

2014-02-28 Thread Greg W
Roger,

You've confirmed my thoughts. I suspected that some people were bulk
scanning relays/exits looking for open proxies too which is why I was
curious if any other operators were seeing this. Thus far today I've got
175,000 connection attempts from 220 distinct IP addresses. I think I'll be
sending some abuse emails and writing a new fail2ban rule!

Thanks,
Greg


On Thu, Feb 27, 2014 at 8:40 PM, Roger Dingledine a...@mit.edu wrote:

 On Thu, Feb 27, 2014 at 11:39:55PM +0100, Jeroen Massar wrote:
  On 2014-02-27 23:12, Greg W wrote:
   I turned on some logging on my firewall today to help troubleshoot an
   issue and noticed a load of connections from external addresses to port
   9050 on my exit node. I don't think that should be publicly accessible.
   Am I wrong about it being publicly accessible and does anyone else see
   lots of connection attempts on that port?
 
  9050 is the standard relay port, as other relays connect to your relay
  (and then, likely, exit), it is quite logical that you see those
  connections.

 No, 9001 is the standard relay port. 9050 is the standard socks port.

 Greg, try connecting to 9050 from outside your firewall, and see what
 happens?

 I think what you might be seeing is that some folks who sell lists of
 open proxies have decided to scan Tor relays on port 9050, just in case
 they left it open.

 --Roger



Re: [tor-relays] External connections to port 9050

2014-02-28 Thread Greg W
Are you suggesting that the IPs making the connections are potentially
exit nodes (they're not, I've checked) or that abuse email volume in
general should be lowered regardless of the nature? Just trying to
understand your sentiment here :)

Thanks,
Greg


On Fri, Feb 28, 2014 at 9:29 AM, Roger Dingledine a...@mit.edu wrote:

 On Fri, Feb 28, 2014 at 09:22:10AM -0600, Greg W wrote:
  Roger,
 
  You've confirmed my thoughts. I suspected that some people were bulk
  scanning relays/exits looking for open proxies too which is why I was
  curious if any other operators were seeing this. Thus far today I've got
  175,000 connection attempts from 220 distinct IP addresses. I think I'll be
  sending some abuse emails and writing a new fail2ban rule!

 Great! Except, please hesitate before sending those abuse mails --
 isn't that exactly the sort of thing that makes it hard for people to
 run Tor exits? :) We've only got this one Internet.

 --Roger



Re: [tor-relays] Are zealous connections to directory port common?

2014-03-14 Thread Greg W
What are the IPs connecting to you? I've been watching my firewall logs
here recently and see several hosts from several distinct subnets
consistently trying to connect to Tor-related ports.


On Fri, Mar 14, 2014 at 5:50 AM, I beatthebasta...@inbox.com wrote:

 One of mine is being DDOSed today.
  Zenaan Harkness wrote:
 
  I think it is unusual.
 
  Are you just checking the tor log to see this?
 
  OK, so I am being DOSed then.




Re: [tor-relays] External connections to port 9050

2014-03-24 Thread Greg W
It is firewalled. I should have said connection attempts in my first
email.


On Sun, Mar 23, 2014 at 12:09 PM, Tora Tora Tora t...@allthatnet.com wrote:

 On 02/28/2014 11:14 AM, Greg W wrote:

 Are you suggesting that the IPs making the connections are potentially
 exit nodes (they're not, I've checked) or that abuse email volume in
 general should be lowered regardless of the nature? Just trying to
 understand your sentiment here :)


 Why not firewall port 9050? If you need it for your own purposes, you can
 tunnel into your server. What's the point of allowing non-local connections
 on your Sock port?
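
Added example, not part of any message in this thread: a small audit of a torrc that reports whether each SocksPort line binds only to loopback or to an address other hosts can reach, which is the condition the scans described above are probing for. The sample torrc is constructed, and the function names are hypothetical; the rules assume Tor's documented `SocksPort [address:]port` syntax, where a bare port listens on localhost.

```python
import ipaddress
import re

# Constructed sample torrc for illustration; not taken from the thread.
SAMPLE_TORRC = """\
ORPort 9001
# SocksPort 0.0.0.0:9050   (commented out, ignored)
SocksPort 9050
SocksPort 0.0.0.0:9150 IsolateDestAddr
socksport [::1]:9052
SocksPort 192.168.1.10:9050
SocksPort unix:/run/tor/socks
SocksPort 0
"""

def classify_socksport(value):
    """Return 'disabled', 'local' or 'exposed' for one SocksPort argument."""
    target = value.split()[0]            # drop isolation and other flags
    if target == "0":
        return "disabled"
    if target.startswith("unix:"):
        return "local"                   # filesystem socket, not an IP listener
    if target == "auto" or target.isdigit():
        return "local"                   # bare port: Tor binds it to localhost
    host, _, _port = target.rpartition(":")
    host = host.strip("[]")              # IPv6 literals are bracketed
    if host.lower() == "localhost":
        return "local"
    try:
        return "local" if ipaddress.ip_address(host).is_loopback else "exposed"
    except ValueError:
        return "exposed"                 # unknown hostname: assume reachable

def audit_torrc(text):
    """List (line_number, value, verdict) for every active SocksPort line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # ignore comments
        m = re.match(r"socksport\s+(.+)$", line, re.IGNORECASE)
        if m:
            findings.append((n, m.group(1), classify_socksport(m.group(1))))
    return findings

if __name__ == "__main__":
    for n, value, verdict in audit_torrc(SAMPLE_TORRC):
        print(f"line {n}: SocksPort {value!r} -> {verdict}")
```

An "exposed" verdict describes only the bind address; a host firewall rule on the port, as in the setup described in the thread, still decides whether outside connection attempts get through.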

