Roger,

You've confirmed my thoughts. I suspected that some people were bulk scanning relays/exits looking for open proxies too, which is why I was curious if any other operators were seeing this. Thus far today I've got 175,000 connection attempts from 220 distinct IP addresses. I think I'll be sending some abuse emails and writing a new fail2ban rule!

Thanks,
Greg

On Thu, Feb 27, 2014 at 8:40 PM, Roger Dingledine <a...@mit.edu> wrote:
> On Thu, Feb 27, 2014 at 11:39:55PM +0100, Jeroen Massar wrote:
> > On 2014-02-27 23:12, Greg W wrote:
> > > I turned on some logging on my firewall today to help troubleshoot an
> > > issue and noticed a load of connections from external addresses to port
> > > 9050 on my exit node. I don't think that should be publicly accessible.
> > > Am I wrong about it being publicly accessible and does anyone else see
> > > lots of connection attempts on that port?
> >
> > 9050 is the standard relay port, as other relays connect to your relay
> > (and then, likely, exit), it is quite logical that you see those
> > connections.
>
> No, 9001 is the standard relay port. 9050 is the standard socks port.
>
> Greg, try connecting to 9050 from outside your firewall, and see what
> happens?
>
> I think what you might be seeing is that some folks who sell lists of
> open proxies have decided to scan Tor relays on port 9050, just in case
> they left it open.
>
> --Roger
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
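
As an added example (not part of this thread and not Tor's own code), one way for a relay operator to check a torrc for the case Roger describes, a SocksPort left reachable from outside the host. The sample torrc and the function names are constructed for illustration; the check assumes a bare `SocksPort <port>` binds to localhost, which is Tor's default.

```python
import ipaddress

# Constructed sample torrc, not taken from the thread.
SAMPLE_TORRC = """\
# relay settings
ORPort 9001
SocksPort 9050
SocksPort 0.0.0.0:9050
SocksPort 192.0.2.10:9150 IsolateDestAddr
SocksPort [::1]:9052
SocksPort unix:/run/tor/socks
"""

def socks_listeners(torrc_text):
    """Yield (address, port) for every TCP SocksPort line in a torrc."""
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2 or fields[0].lower() != "socksport":
            continue
        target = fields[1]
        if target.lower().startswith("unix:"):
            continue  # Unix socket, not reachable over the network
        if ":" in target:
            addr, port = target.rsplit(":", 1)
            addr = addr.strip("[]")  # IPv6 literals are written in brackets
        else:
            addr, port = "127.0.0.1", target  # bare port: localhost only
        if port != "0":  # "SocksPort 0" disables the listener
            yield addr, port

def exposed_socks_ports(torrc_text):
    """Return the listeners whose bind address is not loopback."""
    exposed = []
    for addr, port in socks_listeners(torrc_text):
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = addr.lower() == "localhost"  # hostname, not an IP
        if not loopback:
            exposed.append((addr, port))
    return exposed

if __name__ == "__main__":
    for addr, port in exposed_socks_ports(SAMPLE_TORRC):
        print(f"SocksPort reachable beyond loopback: {addr}:{port}")
```

A clean result here only covers the configuration file; connecting to 9050 from outside the firewall, as Roger suggests, confirms what is actually reachable.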