Hello -
I just recently installed a Tor Relay and now I'm seeing a TON of port 8118 denied requests in my log.
Mar 21 17:24:51 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.188 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=16300 DF PROTO=TCP SPT=4853 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:53 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.227 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=19011 DF PROTO=TCP SPT=1146 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:55 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.173 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=28405 DF PROTO=TCP SPT=3137 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:57 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=216.245.222.105 DST=72.90.68.179 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=24995 DF PROTO=TCP SPT=2998 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:59 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.180 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=21683 DF PROTO=TCP SPT=3372 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:25:01 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=173.234.116.173 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=247 ID=9188 PROTO=TCP SPT=1976 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
I'm not configured at 8118.
My config:
SocksPort 72.90.68.179:9050 # Bind to this address:port too.
SocksPolicy accept 72.90.68.176/29
ControlPort 9051
ORPort 9001
DirPort 9030 # what port to advertise for directory connections
On my firewall, I'm allowing: TCP_IN: 9030,9001,9050,9051 and TCP_OUT: 9030,9001,9050,9051
Am I doing something wrong?
Why am I getting all this 8118 traffic?
Any help would be greatly appreciated.
Dennis
On Tue, Mar 25, 2014, at 12:55 AM, Dennis Crawford wrote:
> Hello -
> I just recently installed a Tor Relay and now I'm seeing a TON of port 8118 denied requests in my log.
> ...
> Am I doing something wrong?
No, someone out there is sniffing relays for open HTTP proxies - you'll find it mentioned in the list archives. If it concerns you, you can report it to the originating network, but if your firewall is doing its job....
GD
On Tue, Mar 25, 2014 at 3:45 AM, Geoff Down geoffdown@fastmail.net wrote:
> On Tue, Mar 25, 2014, at 12:55 AM, Dennis Crawford wrote:
>> Hello -
>> I just recently installed a Tor Relay and now I'm seeing a TON of port 8118 denied requests in my log.
>> ...
>> Am I doing something wrong?
> No, someone out there is sniffing relays for open HTTP proxies - you'll find it mentioned in the list archives. If it concerns you, you can report it to the originating network, but if your firewall is doing its job....
Furthermore, this relay is also advertising itself as an exit node, and the network thinks that it can be used as one: https://globe.torproject.org/#/relay/541D0AEF5BCA6F2D6285FEC2CF8E87AE9F8771A... the exit policy and the Exit flag.)
Since the intention (as I understand) is not to have it be an actual exit node, better to have this in the torrc:
ExitPolicy reject *:*
--
Kostas.
0x0e5dce45 @ pgp.mit.edu
tor-relays@lists.torproject.org
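
To check whether blocked traffic like that in the first message is a proxy scan rather than a misconfiguration, the denied SYNs can be tallied per destination port and source /24 and compared with the ports the relay actually listens on. This is an added example, not part of the original thread: the four log lines and the port list are copied from the first message, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Ports from the torrc and firewall rules quoted in the first message.
TOR_PORTS = {9001, 9030, 9050, 9051}

# Four entries copied from the log excerpt in the first message, one per line.
SAMPLE_LOG = """\
Mar 21 17:24:51 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.188 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=16300 DF PROTO=TCP SPT=4853 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:53 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.227 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=19011 DF PROTO=TCP SPT=1146 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:55 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=162.211.126.173 DST=72.90.68.179 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=28405 DF PROTO=TCP SPT=3137 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 21 17:24:57 kendra kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=c8:0a:a9:9e:2f:02:00:90:1a:a2:a0:7e:08:00 SRC=216.245.222.105 DST=72.90.68.179 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=24995 DF PROTO=TCP SPT=2998 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0
"""

KV = re.compile(r"(\w+)=(\S*)")  # KEY=value tokens; OUT= yields an empty value

def parse_entry(line):
    """Return the key=value fields of one blocked-packet log line, or None."""
    if "Blocked" not in line:
        return None
    fields = dict(KV.findall(line))
    if not {"SRC", "DPT", "PROTO"} <= fields.keys():
        return None
    fields["SYN"] = "SYN" in line.split()  # TCP flags are logged as bare words
    return fields

def summarize(log_text, listening=TOR_PORTS):
    """Group blocked inbound TCP SYNs by destination port and source /24."""
    report = defaultdict(Counter)
    for line in log_text.splitlines():
        f = parse_entry(line)
        if f is None or f["PROTO"] != "TCP" or not f["SYN"]:
            continue
        net = ip_network(f["SRC"] + "/24", strict=False)
        report[int(f["DPT"])][str(net)] += 1
    return {
        port: {"hits": sum(nets.values()), "by_net": dict(nets),
               "tor_port": port in listening}  # False: nothing listens there
        for port, nets in report.items()
    }

if __name__ == "__main__":
    for port, info in summarize(SAMPLE_LOG).items():
        kind = "configured Tor port" if info["tor_port"] else "no listener configured"
        print(f"port {port}: {info['hits']} blocked SYNs ({kind})")
        for net, n in sorted(info["by_net"].items(), key=lambda kv: -kv[1]):
            print(f"  {net}: {n}")
```

Blocked SYNs on a port with `tor_port` false are unsolicited probes, while blocked hits on a port where `tor_port` is true would point at a firewall rule that contradicts the torrc.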