Reply to an #abuse message I received of a #Tor exit that was used for #SSH bruteforce. Looks good, right?

Hello,
Thanks for your notifications! If needed and wanted I can restrict the access to .... networks, please let me know if .... wants this and which network resources I should block exit to!

Please also understand that this is an Tor Exit server and that SSH bruteforce is a common problem with other anonymizing services as well, but SSH bruteforce has to be mitigated at the destination host in such a way that SSH service is secured or login requests are blocked after a certain number of attempts.

Please find our general information below.

These machines are Tor exit nodes. Tor is an anonymization network and exit nodes proxy traffic for other hosts on the Internet. By design, it is impossible for us to identify those other hosts or communicate with their operators.

The traffic you see comes from within the Tor network and is not an indicator for an infection or software running on the Tor node itself.

We have the ability to disable proxying to specific IP address ranges (not AS numbers) and specific TCP ports, but this should be considered a last resort tactic. It does not prevent anyone from using Tor to send spam to a certain server or access a certain server or whatsoever; the traffic would just divert to another exit node. Access as described by you can not be prevented by such measures and there is no infection we could clean up.

We are happy to work with you to minimize the impact on your service or on your network or to install a filter that blocks access for all Tor Exit Nodes (e.g. using
https://www.torproject.org/projects/tordnsel.html.en).

I hope you will consider allowing our relay/node to remain in (unfiltered) operation, as it is extremely valuable for people who need to conceal their identities online, especially in countries where access to the Internet is restricted. For more information please see https://www.torproject.org/about/overview.html#overview

We do not run an email server on this machine, nor could emails be relayed via out server.

Also feel free to contact us directly via abuse (at) artikel5ev dot de.

Kind regards,

utzer
on behalf of Artikel5 e.V.

There are no comments yet.