On Thu, Nov 07, 2024 at 03:49:37PM -0300, gus wrote:
> I'm writing to share that the origin of the spoofed packets has been
> identified and successfully shut down today, thanks to the assistance
> from Andrew Morris at GreyNoise and anonymous contributors.

Yay. Thanks Gus, and especially thanks Andrew.

We should expect some more days of fallout, while mistaken abuse
complaints are still being processed by various hosters. That is, if
you get a complaint from your hoster tomorrow, be sure to check the
timestamp before worrying that there is some new variant of the attack.

That said, everybody please do keep watch for some future variation of
this attack. All the attack needs is a hosting provider that doesn't do
egress filtering, i.e. that lets its users pretend to be anybody anywhere
on the internet. Those hosting providers are supposed to be gone from
the world decades ago, but well, the world is flawed in many ways and
this isn't the worst of them. :) At least if it happens again soon,
many people understand the attack now and they will be ready to track
it down quickly again.

--Roger

_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-le...@lists.torproject.org
