On Wed, Aug 09, 2017 at 10:58:01AM +0500, Roman Mamedov wrote:
> > No, dropbear is an SSH server that 22.214.171.124 seems to be running.
> Did you try ssh'ing into 126.96.36.199 (outside of Tor)? It does not run a public
> SSH server at all (obviously).
> The point was to demonstrate that the exit node intercepts port 22 connections
> to any IP, and redirects them to the same particular instance of dropbear.
Right -- it seems clear that there is some exit relay out there that is
handling requests for 188.8.131.52:22 (and probably *:22) poorly. If somebody
can tell us which one it is, we'll get rid of it.
(Several groups who run scanners for this sort of thing will hopefully
pick this thread up in the next day or so and we can resolve it then.)
tor-relays mailing list