[tor-relays] Re: Inquiry about a possible DDoS case

2024-11-07 Thread Jose A via tor-relays
Hi, Yes, there is a DNS server but port 53 is not open to the internet, only locally. Kind regards On Nov 6, 2024 at 9:17 PM, tor-relays+tor-rel...@queer.cat wrote: Is your server running a DNS server that's open to the internet on port 53? On 6/11/24 09:25, Jose A via tor-relays wrote: > Hell

[tor-relays] Update: Tor relays source IPs spoofed to mass-scan port 22

2024-11-07 Thread gus
Hello everyone, I'm writing to share that the origin of the spoofed packets has been identified and successfully shut down today, thanks to the assistance from Andrew Morris at GreyNoise and anonymous contributors. I want to give special thanks to the members of our community who have dedicated t

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-07 Thread mick
On Wed, 06 Nov 2024 22:40:08 + Matt Palmer allegedly wrote: > > Egress rules won't help, because the traffic never hits your server -- > the source IP address is spoofed as yours, but the packets are > injected into the Internet from another location entirely. > But they will allow you to p

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-07 Thread George Hartley via tor-relays
> but the packets are injected into the Internet from another location entirely. On that note, most data-centers nowadays have routers do SRC IP checks, and do not allow the traffic through if it doesn't match that interface's assigned address.. it would probably be more useful to somehow find the

Re: [tor-relays] Raspberry Pi 4

2024-11-07 Thread Michael Wächter via tor-relays
Hi all, I’m running a relay on a Pi 4 now for almost 2 years, almost no issues at all. Average CPU load 40 %, average bandwidth 5 MB. Updating to a newer version of tor is a bit tricky. Rads Michael > On 04.11.2024 at 12:40, jl2238--- via tor-relays wrote: > > It works. My relay is runni

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-07 Thread mpal...@hezmatt.org
On Thu, Nov 07, 2024 at 07:53:04AM +, George Hartley wrote: > > but the packets are injected into the Internet from another location > > entirely. > > On that note, most data-centers nowadays have routers do SRC IP checks, and > do not allow the traffic through if it doesn't match that interf

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

2024-11-07 Thread Roger Dingledine
On Thu, Nov 07, 2024 at 03:49:37PM -0300, gus wrote: > I'm writing to share that the origin of the spoofed packets has been > identified and successfully shut down today, thanks to the assistance > from Andrew Morris at GreyNoise and anonymous contributors. Yay. Thanks Gus, and especially thanks A

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

2024-11-07 Thread Chris Enkidu-6
Hi Gus, Would you please expand on that a bit please? Was it a single server, a network of them, one provider or multiple of them, etc...? I doubt this was the work of a single person simply because they were bored. I'm assuming we should still keep a lookout for them to simply rent a bunch of mo

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-07 Thread anon
Hi, And as further proof (if any were needed) that watchdogcyberdefense.com is run by bozos one of their "abuse" reports to Hetzner reportedly shows a “log entry” which reported attacks from my IP address to the RFC 1918 address 192.168.200.216. That address, like all such 192.168/16 prefix addr

[tor-relays] wedos.cz

2024-11-07 Thread Red Oaive via tor-relays
On 2024-11-05 16:32, George Hartley via tor-relays wrote: Also, please consider using a provider that is not overcrowded with Tor nodes already like OVH. I can recommend Wedos.cz ... https://wedos.cz/en/ They block access to their web site to Tor users. This doesn't bode well for how Tor frien

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-07 Thread CK
True, but as Mick wrote in this thread they are more meant as proof to Hetzner that my node doesn't allow contact with the addresses listed. When I received the abuse emails I was slightly panicking and reinstalled the node from scratch because I couldn't prove that I had *not* been hacked. I f

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

2024-11-07 Thread Tor Gateplanets via tor-relays
That's great news! Kudos to all who helped track this down. On Thu, Nov 7, 2024, at 12:49 PM, gus wrote: > Hello everyone, > > I'm writing to share that the origin of the spoofed packets has been > identified and successfully shut down today, thanks to the assistance > from Andrew Morris at Grey

[tor-relays] Re: Tor relays source IPs spoofed to mass-scan port 22?

2024-11-07 Thread Nicolás Dato
Adding a "me too": I have a tor middle relay in Vultr, and I've had 4 abuse tickets so far. I replied to them with information about my server, this thread, and delroth's blog post. Vultr closed all tickets without further actions.

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

2024-11-07 Thread Ralph Seichter via tor-relays
* Roger Dingledine: > We should expect some more days of fallout, while mistaken abuse > complaints are still being processed by various hosters. You called it. Mere minutes ago, Hetzner forwarded another complaint, for a grand total of 9 (yes, nine, what a gruesome level of abuse) spoofed connec

[tor-relays] Re: Update: Tor relays source IPs spoofed to mass-scan port 22

2024-11-07 Thread Red Oaive via tor-relays
Thank you for your efforts, and for the efforts of the anonymous contributors! And let me second the motion requesting (much) more information about the perps. Do we know the full impact though? The vast majority of relay operators seem not to be on the mailing list. What are the actual numb