Oddbean new post about | logout
 "Someone is attacking nostr:nprofile1qqszr7k0w6gclv3usnqmey68uzs6h2yt7dpw2dyeqt0sh8ehaxl8xyqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qz9thwden5te0v35hgar09ec82c30wfjkccte89v5nr right now and has been for a few weeks. 

The attacker is spoofing the IPs of Tor Exit and Directory nodes, and blasting TCP SYN packets indiscriminately  on 22/TCP- spurring a large amount of abuse complaints to hosting providers, which are then temp blocking/banning Tor infrastructure which isn't actually doing anything wrong."

See more in the original Twitter post:
https://x.com/Andrew___Morris/status/1854289771197329517

#tor #privacy 
 Tor Project released a blog post: "Defending the Tor network: Mitigating IP spoofing against Tor"

"At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.

Thanks to a joint effort from the Tor community, InterSecLab, and the support of Andrew Morris and the team at GreyNoise, the origin of these spoofed packets was identified and shut down on November 7th, 2024."

See more:
https://blog.torproject.org/defending-tor-mitigating-IP-spoofing/

#tor #spoofing #privacy

nostr:nevent1qqsqm3yjuknu9pqlq9fwgmmuvlypv47xucl0hf0f35mqxzgr982wvhgppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpz2hear