So its a generic attack on an RFC 1918 IP. Thats really helpful. I also love the possible cause and the top-notch log ….
People are getting paid real money to send this shit? niftybunny > On 3. May 2020, at 22:15, [email protected] wrote: > > Hi, > > got multiple abuse in the last 2 weeks. > > 2 relays with 2 IP run on the server. Someone is always hammering my OR port > on one IP. (37.157.255.118:9002) > https://metrics.torproject.org/rs.html#details/BD2A34ADE4E603A272FAAD23AEF389801BB223BB > https://metrics.torproject.org/rs.html#details/8EE44717FA55705C12086F3ECD1F8D9C8676FD05 > > > What can I do? > > Found that in the archive: > https://lists.torproject.org/pipermail/tor-relays/2017-September/013030.html > > > the 5th complaint: > ############################################################################################################## > > To Whom it May Concern, > > You have a system on your network that is actively scanning and/or attacking > external sites on the Internet. This can come from many sources and because > it is often difficult to detect this activity, we are sending this E-mail in > an attempt to help you solve the problem. > > We have detected your system with an IP of, 37.157.255.118, scanning a client > we monitor. This was not a short attack but a prolonged scan and/or probe > that was designed to find and intrude into the target network. > > This may be someone on your network who is actively trying to hack others. > This person may be a legitimate user on your network or it may be that this > system has been compromised and is being used by someone to hack others. It > is also likely that the system is running automated tools that have been > installed to perform these actions without any human intervention. > > Below is the information about the attack. Keep in mind that the source IP > of our client has been sanitized for anonymity. > > Date: 04/30/2020 > Time: 11:05:37 > Time Zone: America/Chicago > Source(s): 37.157.255.118 > Type of Attack/Scan: Generic > Hosts: 10.10.10.182 > Log: > > 37.157.255.118:9002 > 10.10.10.182:24562 > > Possible Cause: > > > Thank you for your attention to this matter, > > Masergy > email: [email protected] > > -- > ╰_╯ Ciao Marco! > > Debian GNU/Linux > > It's free software and it gives you freedom! > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
