[tor-relays] privoxy, port 8118 scans

19 Jan 2014


      Hey
I am wondering if this is a coincidence but since I started the tor relay, I see a lot of TCP/8118 connections attempts on my relay's external IP.
I run the offending source IPs (aggregated to /24s) through cymru's ip-to-asn decoder and here are results of only today:
Bulk mode; whois.cymru.com 15003   | 108.177.181.0 15003   | 142.91.245.0 15003   | 172.240.255.0 15003   | 173.208.16.0 15003   | 173.208.57.0 15003   | 173.208.85.0 15003   | 173.234.12.0 15003   | 173.234.153.0 15003   | 173.234.235.0 15003   | 173.234.247.0 15003   | 173.234.33.0 15003   | 173.234.41.0 15003   | 173.234.60.0 15003   | 23.19.130.0 15003   | 23.19.50.0 15003   | 23.19.54.0 15003   | 23.19.67.0 15003   | 23.19.75.0 15003   | 23.19.89.0 15003   | 70.32.43.0 18450   | 173.231.54.0 20248   | 74.82.191.0 40676   | 216.24.204.0 46475   | 192.169.84.0 46475   | 192.169.86.0 46475   | 208.115.203.0 46475   | 208.115.228.0 46475   | 216.245.222.0 46475   | 63.143.33.0 46475   | 63.143.36.0 46475   | 63.143.52.0 46475   | 64.31.43.0 46475   | 69.162.116.0 46475   | 69.162.74.0 46475   | 74.63.226.0 46475   | 74.63.249.0

[2014-01-19 15:16:19 +0000] | 108.177.180.0/22    | US | arin     | 2012-03-15 | NOBIS-TECH - Nobis Technology Group, LLC | 142.91.240.0/21     | US | arin     | 2012-06-08 | NOBIS-TECH - Nobis Technology Group, LLC | 172.240.0.0/16      | US | arin     | 2013-04-08 | NOBIS-TECH - Nobis Technology Group, LLC | 173.208.16.0/21     | US | arin     | 2009-12-17 | NOBIS-TECH - Nobis Technology Group, LLC | 173.208.56.0/22     | US | arin     | 2009-12-17 | NOBIS-TECH - Nobis Technology Group, LLC | 173.208.80.0/21     | US | arin     | 2009-12-17 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.12.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.152.0/22    | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.232.0/22    | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.244.0/22    | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.32.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.40.0/22     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 173.234.56.0/21     | US | arin     | 2010-02-12 | NOBIS-TECH - Nobis Technology Group, LLC | 23.19.128.0/22      | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC | 23.19.50.0/23       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC | 23.19.52.0/22       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC | 23.19.64.0/20       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC | 23.19.64.0/20       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC | 23.19.88.0/21       | US | arin     | 2011-04-25 | NOBIS-TECH - Nobis Technology Group, LLC | 70.32.43.0/24       | US | arin     | 2008-07-25 | NOBIS-TECH - Nobis Technology Group, LLC | 173.231.0.0/18      | US | arin     | 2010-03-19 | WEBNX - WebNX, Inc. | 74.82.176.0/20      | US | arin     | 2010-01-26 | TAKE2 - Take 2 Hosting, Inc. | 216.24.192.0/20     | US | arin     | 2010-10-14 | AS40676 - Psychz Networks | 192.169.80.0/20     | US | arin     | 2012-11-02 | LIMESTONENETWORKS - Limestone Networks, Inc. | 192.169.80.0/20     | US | arin     | 2012-11-02 | LIMESTONENETWORKS - Limestone Networks, Inc. | 208.115.192.0/18    | US | arin     | 2010-01-06 | LIMESTONENETWORKS - Limestone Networks, Inc. | 208.115.192.0/18    | US | arin     | 2010-01-06 | LIMESTONENETWORKS - Limestone Networks, Inc. | 216.245.192.0/19    | US | arin     | 2008-01-28 | LIMESTONENETWORKS - Limestone Networks, Inc. | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc. | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc. | 63.143.32.0/19      | US | arin     | 2011-10-27 | LIMESTONENETWORKS - Limestone Networks, Inc. | 64.31.0.0/18        | US | arin     | 2010-12-27 | LIMESTONENETWORKS - Limestone Networks, Inc. | 69.162.64.0/18      | US | arin     | 2008-06-27 | LIMESTONENETWORKS - Limestone Networks, Inc. | 69.162.64.0/18      | US | arin     | 2008-06-27 | LIMESTONENETWORKS - Limestone Networks, Inc. | 74.63.192.0/18      | US | arin     | 2008-08-29 | LIMESTONENETWORKS - Limestone Networks, Inc. | 74.63.192.0/18      | US | arin     | 2008-08-29 | LIMESTONENETWORKS - Limestone Networks, Inc.
There were almost 200k SYN packets sent for the last 15h from the 228 unique IP addresses.
Would that be part of tor project?
I have never run privoxy on my network and I am not really sure what the relation between tor and privoxy is?
Can somebody shine some light on that?
[0] https://www.team-cymru.org/Services/ip-to-asn.html
Thanks,
-mateusz

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[tor-relays] privoxy, port 8118 scans