Re: [tor-relays] too many abuse reports

2012-05-23 Thread mick
On Tue, 22 May 2012 16:21:46 -0500
Jon torance...@gmail.com allegedly wrote:

 
> The port was 57734 - of course that doesn't mean another port could
> be used

That looks like a source port to me. In my case, the (allegedly)
attacked ports were 80, so clearly webservers.

Mick
-
blog: baldric.net
fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
-



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] too many abuse reports

2012-05-23 Thread Moritz Bartl
Hi,

We also get (and ignore) these automated reports. Try to convince your
ISP to reassign the IP range and list you as abuse contact.

If that does not work, you can simply block celepar's ranges:
From scanning 129 recent mails:

inetnum: 200.189.112/20
aut-num: AS19723
abuse-c: ADC633
owner:   COMPANHIA DE INFORMATICA DO PARANA - CELEPAR

--
Moritz Bartl
https://www.torservers.net/
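
The blocking step described in the message above, worked through as an added example (not code from the thread or from the Tor Project): it tallies abuse-report lines in a `Destination: address (port)` form, checks them against the reporter's whois range, and emits torrc `ExitPolicy reject` lines. The sample report lines use documentation addresses and are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample report lines using documentation addresses (not from the thread).
SAMPLE_REPORTS = """\
Destination: 198.51.100.49 (80)
Destination: 198.51.100.50 (80)
Destination: 198.51.100.170 (80)
Destination: 198.51.100.170 (80)
Destination: 203.0.113.7 (443)
Destination: 300.1.1.1 (80)
Source port: 57734
"""

DEST_RE = re.compile(r"^Destination:\s*([\d.]+)\s*\((\d{1,5})\)$")


def parse_inetnum(text):
    """Expand whois shorthand such as '200.189.112/20' into an IPv4Network."""
    addr, _, prefix = text.strip().partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (prefix or "32"))


def tally_destinations(report_text):
    """Count (address, port) pairs; malformed or non-destination lines are skipped."""
    hits = Counter()
    for line in report_text.splitlines():
        m = DEST_RE.match(line.strip())
        if not m:
            continue  # e.g. a source-port line: ExitPolicy cannot match on it
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # looks like an address but is not a valid one
        port = int(m.group(2))
        if 1 <= port <= 65535:
            hits[(addr, port)] += 1
    return hits


def exit_policy_lines(hits, reporter_ranges):
    """Return (torrc reject lines for ranges actually hit, destinations outside them)."""
    covered, outside = set(), []
    for addr, port in sorted(hits):
        net = next((n for n in reporter_ranges if addr in n), None)
        if net is None:
            outside.append((str(addr), port))
        else:
            covered.add(net)
    # Reject lines must come before any accept lines: the first matching rule wins.
    return ["ExitPolicy reject %s:*" % n for n in sorted(covered)], outside
```

ExitPolicy matches the destination address and port only, so a client source port such as the 57734 mentioned in the thread cannot be filtered this way.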


Re: [tor-relays] too many abuse reports

2012-05-23 Thread Moritz Bartl
Hi,

We also get (and ignore) these automated reports. Try to convince your
ISP to reassign the IP range and list you as abuse contact.

If that does not work, you can simply block celepar's ranges.
Scanning 129 recent mails:

inetnum: 200.189.112/20
aut-num: AS19723
abuse-c: ADC633
owner:   COMPANHIA DE INFORMATICA DO PARANA - CELEPAR

--
Moritz Bartl
https://www.torservers.net/

On 05/22/2012 05:18 PM, mick wrote:
> Hi
>
> I have today, reluctantly, switched my node
> torofotheworld.aibohphobia.org from an exit node to relay only. My
> ISP has stayed faithful over several abuse reports in the past, but
> this week following two more in quick succession (from Brazilian
> government services by the look of it) they have asked that I shut
> down the exit policy. Rather than lose the node entirely, I have
> agreed.
>
> Some bozo has been using sqlmap to scan servers through tor.
>
> Mick
>
> -
> blog: baldric.net
> fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
> -


Re: [tor-relays] too many abuse reports

2012-05-22 Thread Fosforo
same here. someone using sqlmap

--
[]s Fosforo
-
Only the wisest and stupidest of men never change.
-Confusio
-


On Tue, May 22, 2012 at 8:18 AM, mick m...@rlogin.net wrote:
> Hi
>
> I have today, reluctantly, switched my node
> torofotheworld.aibohphobia.org from an exit node to relay only. My ISP
> has stayed faithful over several abuse reports in the past, but this
> week following two more in quick succession (from Brazilian government
> services by the look of it) they have asked that I shut down the exit
> policy. Rather than lose the node entirely, I have agreed.
>
> Some bozo has been using sqlmap to scan servers through tor.
>
> Mick
>
> -
> blog: baldric.net
> fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
> -




Re: [tor-relays] too many abuse reports

2012-05-22 Thread Jon
On Tue, May 22, 2012 at 10:37 AM, Fosforo fosf...@gmail.com wrote:

> same here. someone using sqlmap
>
> --
> []s Fosforo
> -
> Only the wisest and stupidest of men never change.
> -Confusio
> -
>
>
> On Tue, May 22, 2012 at 8:18 AM, mick m...@rlogin.net wrote:
>> Hi
>>
>> I have today, reluctantly, switched my node
>> torofotheworld.aibohphobia.org from an exit node to relay only. My ISP
>> has stayed faithful over several abuse reports in the past, but this
>> week following two more in quick succession (from Brazilian government
>> services by the look of it) they have asked that I shut down the exit
>> policy. Rather than lose the node entirely, I have agreed.
>>
>> Some bozo has been using sqlmap to scan servers through tor.
>>
>> Mick
>>
>> -
>> blog: baldric.net
>> fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
>> -
 
 


Yep same here, got notice today from ISP on a report of the 20th for
alleged hacking with someone using sqlmap. The reporting IP was a
Brazilian gov IP address.

I just blocked the port and kept on serving

Jon


Re: [tor-relays] too many abuse reports

2012-05-22 Thread mick
On Tue, 22 May 2012 13:29:54 -0500
Jon torance...@gmail.com allegedly wrote:

 
> Yep same here, got notice today from ISP on a report of the 20th for
> alleged hacking with someone using sqlmap. The reporting IP was a
> Brazilian gov IP address.
>
> I just blocked the port and kept on serving
 

I assume you mean IP address rather than port here. 

Despite offering, I wasn't given the opportunity to do that.

Interesting that you also seem to have been used in targeting the
Brazilian government.

Mick

-
blog: baldric.net
fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
-





Re: [tor-relays] too many abuse reports

2012-05-22 Thread tor-admin
mick m...@rlogin.net wrote on 22.05.2012:
> I assume you mean IP address rather than port here.
>
> Despite offering, I wasn't given the opportunity to do that.
>
> Interesting that you also seem to have been used in targeting the
> Brazilian government.
 
I can confirm abuse messages for same target, same attack.




Re: [tor-relays] too many abuse reports

2012-05-22 Thread Daniel Case
I can also confirm same attack it must have been huge o.o

On 22 May 2012 20:17, tor-admin tor-ad...@torland.me wrote:

> mick m...@rlogin.net wrote on 22.05.2012:
>> I assume you mean IP address rather than port here.
>>
>> Despite offering, I wasn't given the opportunity to do that.
>>
>> Interesting that you also seem to have been used in targeting the
>> Brazilian government.
>
> I can confirm abuse messages for same target, same attack.

