Hmm, FDC Servers is known for doing bad things on Tor.
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
iirc this was on FDC servers too
On 2014-08-27 10:43, [email protected] wrote:
For the past week or so I've been seeing unsolicited echo replies coming from
FDC servers block and one that looks like it is owned by China(?) Most of the
entries are from 67.159.54.101 and I am seeing around one per minute. I
verified by running tcpdump for a couple minutes (no longer, I'm not an illegal
wiretapper!) that I'm not sending echo requests. IPTables is configured to drop
and log this invalid traffic.
Any idea what they are trying to accomplish? Some convoluted way of pinging me
because they don't get an ICMP unreachable back? And why every minute?
DENY IN=eth0 OUT= MAC=xxx SRC=67.159.54.101 DST=yyy LEN=40 TOS=0x08 PREC=0x20
TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=10249 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=67.159.54.101 DST=yyy LEN=40 TOS=0x08 PREC=0x20
TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=58375 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=67.159.54.102 DST=yyy LEN=40 TOS=0x08 PREC=0x20
TTL=55 ID=39417 PROTO=ICMP TYPE=0 CODE=0 ID=62498 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=50.117.112.42 DST=yyy LEN=40 TOS=0x00 PREC=0x00
TTL=56 ID=28340 PROTO=ICMP TYPE=0 CODE=0 ID=30728 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=50.117.112.42 DST=yyy LEN=40 TOS=0x00 PREC=0x00
TTL=56 ID=28334 PROTO=ICMP TYPE=0 CODE=0 ID=30728 SEQ=0
DENY IN=eth0 OUT= MAC=xxx SRC=50.117.112.42 DST=yyy LEN=40 TOS=0x00 PREC=0x00
TTL=56 ID=28335 PROTO=ICMP TYPE=0 CODE=0 ID=54277 SEQ=0
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
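
One way to automate the check described in the message, as an added example that is not part of the original thread: it parses iptables LOG lines, keeps ICMP echo replies (TYPE=0) that match no echo request the host sent, and reports per-source counts, ICMP IDs and mean interval. The syslog timestamp prefix, the documentation addresses in the sample and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the iptables LOG format quoted above (documentation
# addresses and a syslog prefix are assumptions, not the poster's data).
SAMPLE_LOG = """\
Aug 27 10:00:01 relay kernel: DENY IN=eth0 OUT= MAC=xxx SRC=192.0.2.101 DST=203.0.113.5 LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=10249 SEQ=0
Aug 27 10:01:02 relay kernel: DENY IN=eth0 OUT= MAC=xxx SRC=192.0.2.101 DST=203.0.113.5 LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61817 PROTO=ICMP TYPE=0 CODE=0 ID=58375 SEQ=0
Aug 27 10:02:01 relay kernel: DENY IN=eth0 OUT= MAC=xxx SRC=192.0.2.101 DST=203.0.113.5 LEN=40 TOS=0x08 PREC=0x20 TTL=55 ID=61820 PROTO=ICMP TYPE=0 CODE=0 ID=62498 SEQ=0
Aug 27 10:02:30 relay kernel: DENY IN=eth0 OUT= MAC=xxx SRC=198.51.100.42 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=56 ID=28340 PROTO=ICMP TYPE=0 CODE=0 ID=30728 SEQ=1
Aug 27 10:03:00 relay kernel: DENY IN=eth0 OUT= MAC=xxx SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4411 PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 RST URGP=0
"""

# The first ID= is the IP header ID; the one after CODE= is the ICMP echo identifier.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?\bSRC=(\S+) .*?\bTTL=(\d+) .*?"
                     r"\bPROTO=ICMP TYPE=(\d+) CODE=(\d+) ID=(\d+) SEQ=(\d+)")

def parse_icmp(line, year=2014):
    """Return the ICMP fields of one log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts, src, ttl, typ, code, icmp_id, seq = m.groups()
    return {"time": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
            "src": src, "ttl": int(ttl), "type": int(typ),
            "icmp_id": int(icmp_id), "seq": int(seq)}

def unsolicited_echo_replies(log_text, sent_requests=frozenset()):
    """Summarise echo replies (type 0) that answer no request this host sent."""
    # sent_requests: (destination, ICMP id) pairs from a capture of our own
    # echo requests; empty means the host sent none.
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        pkt = parse_icmp(line)
        if pkt and pkt["type"] == 0 and (pkt["src"], pkt["icmp_id"]) not in sent_requests:
            by_src[pkt["src"]].append(pkt)
    report = {}
    for src, pkts in by_src.items():
        times = sorted(p["time"] for p in pkts)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[src] = {"count": len(pkts),
                       "icmp_ids": sorted({p["icmp_id"] for p in pkts}),
                       "mean_gap_s": sum(gaps) / len(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for src, info in unsolicited_echo_replies(SAMPLE_LOG).items():
        print(src, info)
```

A steady mean gap combined with a changing ICMP ID per packet, as in the constructed first source, is the pattern the message describes.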