IP Spoofing Attack Tried to Disrupt Tor Network

A coordinated IP spoofing attack attempted to disrupt the Tor anonymity network, according to the Tor Project and relay operators.

The Tor Project said the attack started on October 20, when Tor directory authorities, the critical components responsible for managing and maintaining the list of Tor relays, started getting complaints alleging that their servers had been conducting port scanning. 

The unauthorized port scanning triggered automated abuse complaints to ISPs, which resulted in some relays being taken offline. 

An analysis revealed that a threat actor had used spoofed SYN packets to make it appear as if IPs associated with Tor relays had been conducting the port scans. Non-exit relays were the focus of the attack. 

“The attacker’s intent seems to have been to disrupt the Tor network and the Tor Project by getting these IPs on blocklists with these unfounded complaints,” the Tor Project said.

See more: https://www.securityweek.com/ip-spoofing-attack-tried-to-disrupt-tor-network/

#tor #spoofing

nostr:nevent1qqsrxsan8ny2vc84jzg36pgp035cdvg3nh0z80q2gu4ds6mpcm2z6kgpzpmhxue69uhkummnw3ezumt0d5hsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqse89cxs