Hello, sorry, it also was a bit confusing for me as I've seen the logs. Yes, you are right. I am running a tor node and a ddclient on the same machine. Tor client and relay is running in a jail. So, it might be error, because of a faulty firewall rule. It looks like, I've routed all traffic though the tor client. Therefore it could be a "false" dynsdns update, but I've don't understand why it was changing so quickly with right IP.
So, for now I guess, it was my fault. Regards, Reiner On 20.12.2016 18:49, tor-relay.d...@o.banes.ch wrote: > Hello, > > I'm part of the abuse team of the mentioned Tor Exit. > Also I follow this mailing list. > > I read you post several times but I'm not sure what you where doing. > It looks to me like you running a tor node and have also a dyndns update > process running. > > Is this correct ? Please provide some more information about you use > case/configuration > > best regards > > Dirk > > > On 20.12.2016 15:25, diffusae wrote: >> Hi! >> >> Yesterday I encountered a strange IP address update via DynDNS: >> >> Dec 19 23:00:32.000 [notice] Your IP address seems to have changed to >> 176.10.104.240 (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating. >> Dec 19 23:00:32.000 [notice] Our IP Address has changed from xx.xx.xx.xx >> to 176.10.104.240; rebuilding descriptor (source: METHOD=RESOLVED >> HOSTNAME=my.dyndns.cc). >> Dec 19 23:00:36.000 [notice] Self-testing indicates your ORPort is >> reachable from the outside. Excellent. >> Dec 19 23:04:32.000 [notice] Your IP address seems to have changed to >> xx.xx.xx.xx (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating. >> Dec 19 23:04:32.000 [notice] Our IP Address has changed from >> 176.10.104.240 to xx.xx.xx.xx ; rebuilding descriptor (source: >> METHOD=RESOLVED HOSTNAME=my.dyndns.cc). >> Dec 19 23:04:34.000 [notice] Self-testing indicates your ORPort is >> reachable from the outside. Excellent. >> Dec 19 23:08:32.000 [notice] Your IP address seems to have changed to >> 176.10.104.240 (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating. >> Dec 19 23:08:32.000 [notice] Our IP Address has changed from xx.xx.xx.xx >> to 176.10.104.240; rebuilding descriptor (source: METHOD=RESOLVED >> HOSTNAME=my.dyndns.cc). >> Dec 19 23:08:34.000 [notice] Self-testing indicates your ORPort is >> reachable from the outside. Excellent. >> Dec 19 23:13:32.000 [notice] Your IP address seems to have changed to >> xx.xx.xx.xx (METHOD=RESOLVED HOSTNAME=my.dyndns.cc). Updating. >> Dec 19 23:13:32.000 [notice] Our IP Address has changed from >> 176.10.104.240 to xx.xx.xx.xx; rebuilding descriptor (source: >> METHOD=RESOLVED HOSTNAME=my.dyndns.cc). >> Dec 19 23:13:36.000 [notice] Self-testing indicates your ORPort is >> reachable from the outside. Excellent. >> Dec 19 23:22:38.000 [notice] Self-testing indicates your DirPort is >> reachable from the outside. Excellent. Publishing server descriptor >> >> The DynDNS client updates the IP every five minutes. It looks like >> somebody has tried to changed / update the IP manually or via spoofed >> update (DNS) entry. I also recognized the change at the WebGUI of the >> DynDNS Provider. The changed IP address is an exit node >> (0111BA9B604669E636FFD5B503F382A4B7AD6E80) in Switzerland. >> >> I don't think, that this is a bug in Tor 0.2.9.7-rc. Are there any >> possible attacks to Tor relays, if they are using a faked IP address? >> Normally this shouldn't work. Even if the traffic is redirected to an >> exit node, but I am not sure. >> >> Well, it should be safer to use autodetection of the IP though Tor. >> >> Regards, >> _______________________________________________ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
