Oddbean new post about | logout
zCat | 17 days ago (raw) | root | parent | reply | flag +1 
 Tor Project released a blog post: "Defending the Tor network: Mitigating IP spoofing against Tor"

"At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.

Thanks to a joint effort from the Tor community, InterSecLab, and the support of Andrew Morris and the team at GreyNoise, the origin of these spoofed packets was identified and shut down on November 7th, 2024."

See more:
https://blog.torproject.org/defending-tor-mitigating-IP-spoofing/

#tor #spoofing #privacy

nostr:nevent1qqsqm3yjuknu9pqlq9fwgmmuvlypv47xucl0hf0f35mqxzgr982wvhgppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpz2hear
zCat | 13 days ago (raw) | root | parent | reply | flag +1 
 IP Spoofing Attack Tried to Disrupt Tor Network

A coordinated IP spoofing attack attempted to disrupt the Tor anonymity network, according to the Tor Project and relay operators.

The Tor Project said the attack started on October 20, when Tor directory authorities, the critical components responsible for managing and maintaining the list of Tor relays, started getting complaints alleging that their servers had been conducting port scanning. 

The unauthorized port scanning triggered automated abuse complaints to ISPs, which resulted in some relays being taken offline. 

An analysis revealed that a threat actor had used spoofed SYN packets to make it appear as if IPs associated with Tor relays had been conducting the port scans. Non-exit relays were the focus of the attack. 

“The attacker’s intent seems to have been to disrupt the Tor network and the Tor Project by getting these IPs on blocklists with these unfounded complaints,” the Tor Project said.

See more: https://www.securityweek.com/ip-spoofing-attack-tried-to-disrupt-tor-network/

#tor #spoofing

nostr:nevent1qqsrxsan8ny2vc84jzg36pgp035cdvg3nh0z80q2gu4ds6mpcm2z6kgpzpmhxue69uhkummnw3ezumt0d5hsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqse89cxs