Happy today

Since November my ISP and I received a hand full of abuses for a
non-exit. It is about scanning ports and addresses of a certain let's
say victim ISP. I received one other abuse with another server.

For now I kindly want to ask if some operator received similar abuses
for non-exits ? [1]

Under my perspective it could be:
- ip-spoofing. A third entity uses my ip and sends sync requests to the
victim. There will never be a statefull connection, but the victim feels
offended. As result the only one who gets trouble is me.
- I got hacked (Uhh, don't like these words) which I suspect is not the
case. Then statefull connections are possible and by scanning etc the
attacker interfers the victim. We should not discuss this here.
- There is some way out of the code which enables an attacker to perform
solicited or unsolicited interference. Like [2] or not known or
whatever. It is difficult to discuss with my ISP because the world
expects the non-exits connect only inside the Tor network and onion

Some facts:
- The victim ISP hosts no relay
- The relays are guards and potentially fallbacks (fallback and
non-fallback share an ip)
- I firewall blocked (outbound) all victim ISPs subnets. I logged some
outbound trials but this could not stop the abuses. Why? May-be the
victim ISP has changing ip ranges which usually happens from time to
time or I do not know their subnets completely. Interesting was that one
destination ip was x.x.x.0 which is subnet zero.
- Currently I firewall block (inbound) all victim ISPs subnets and found
log entries scanning (syn) my server on a non Tor port. Before blocking
inbound, was there a way that someone from the vicitm ISP ip range can
drive my relay (not server) to act like an offender back to the victims ISP?

Pretty weired stuff but please swarm help! I apologize for my may-be
foolish thoughts and please don't hit me too hard, though.

[tor-relays] abuse email for non-exit relay (masergy)

[2] Re to [1]

Cheers, Felix
tor-relays mailing list

Reply via email to