On Fri, Aug 01, 2014 at 01:42:32PM -0400, [email protected] wrote: > IPTables rule involved: > > -A INPUT -p tcp -m string --hex-string > "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" > --algo kmp -j LOG --log-prefix "IPTables-GFC-new " > -A INPUT -p tcp -m string --hex-string > "|00002800390038008800870035008400160013000a00330032009a009900450044002f00960041000500ff020100000400230000|" > --algo kmp -j DROP
You probably found these iptables rules in a blog post [0]. Note that this is not "attack" traffic. Most likely, these are automated probes from China whose purpose is to verify that your Tor relay is, in fact, a Tor relay and it's safe to block it. [0] https://idea.popcount.org/2013-07-11-fun-with-the-great-firewall/ Cheers, Philipp _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
