On Wed, 2 Feb 2022 at 11:05, UDN Tor via tor-relays < tor-relays@lists.torproject.org> wrote:
> > > Note we believe some of these IPs are part of the Meris or Dvinis > > botnets. If you are a residential Internet service provider, it is > > possible that your customers' routers themselves have been > > compromised. You should research the Meris botnet and take > > appropriate actions to have them secure their CPE (customer-premises > > equipment). > This is probably the main reason those reports are being sent. Meris is a huge botnet using (at least) tens of thousands of compromised routers. https://www.bleepingcomputer.com/news/security/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack/ Those notices were probably sent automatically to many ISPs hoping some of them would get their customers to fix their routers, and tor exits were probably just not filtered.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays