spoof source identified

This email just in from the tor project team.

From: gus
To: tor-relays@lists.torproject.org
Subject: [tor-relays] Update: Tor relays source IPs spoofed to mass-scan port 22
Date: Thu, 7 Nov 2024 15:49:37 -0300

Hello everyone,

I’m writing to share that the origin of the spoofed packets has been
identified and successfully shut down today, thanks to the assistance
from Andrew Morris at GreyNoise and anonymous contributors.

I want to give special thanks to the members of our community who have
dedicated their time and efforts to track down the perpetrators of this
attack.

Although this fake abuse incident had minimal impact on the network —
temporarily taking only a few relays offline — it has been a
frustrating issue for many relay operators. However, I want to reassure
everyone that this disruption had no effect on Tor users whatsoever.

We’re incredibly fortunate to have such a skilled and committed group of
relay operators standing with Tor.

Thank you all for your resilience, ongoing support and for making the
Tor network possible by running relays.

Gus
—
The Tor Project
Community Team Lead

_______________________________________________
tor-relays mailing list — tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org

And the tor project team now have a blog post about the spoofing attack.

So – some good news. Now perhaps we can all relax a bit more.