Opened 9 years ago

Closed 9 years ago

Last modified 7 years ago

#2964 closed defect (invalid)

Tor network scanning?

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone: Tor: 0.2.2.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.2.24-alpha
Severity:
Keywords: tor-relay
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Running TBB relay, Tor 0.2.1.30 on Windows 7. I have changed my old router to a more modern firewall with NAT, SPI, DoS-prevention, UPnP and QoS. It has automatically configured port forwarding successfully. I do not mirror the relay directory. The Tor message log shows “warning eventdns: all nameservers have failed” and “notice eventdns: nameserver …. is back up” during start. Firewall log below. Tor is working, but has Tor gone crazy port scanning (ACK, SYN, FIN, UDP) the network?

Apr 20 19:28:33 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 19:21:02 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:20:30 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:15:21 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:10:31 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:04:29 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 19:04:20 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 19:04:17 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 18:59:20 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 18:53:08 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
…..
Apr 19 19:38:56 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [SYN Scan]
Apr 19 19:38:51 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 19 19:37:52 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 19 19:25:08 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 19 19:25:00 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 19 19:24:11 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 19 19:17:33 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 19 19:14:04 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 19 19:12:29 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 19 19:07:51 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]


Change History (7)

comment:1 Changed 9 years ago by cypherpunks

Milestone: Tor: 0.2.1.x-final → Tor: 0.2.2.x-final
Version: Tor: 0.2.1.26 → Tor: 0.2.2.24-alpha

I have upgraded to Tor Browser Bundle (2.2.24-1) alpha; suite=windows.

The new TBB has the same problems.

comment:2 Changed 9 years ago by arma

You're a relay? Relays make connections. They also receive incoming connections. That's what network services do. TCP connections on the Internet use SYN, ACK, and FIN as a totally normal part of operation.

There are now something like 2800 other relays in the network, and a fast relay will end up holding open connections to most of them.

It sounds like your firewall is going nuts looking at each connection and freaking out. Is there anything actually going wrong other than an overenthusiastic firewall software?
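An added example, not part of the ticket or of Tor: a triage pass over the firewall log format quoted in the description, counting alerts by type and measuring the peak alert rate in any one-minute window. The burst threshold of 100 alerts per minute and the `year` placeholder are assumptions, not values from the ticket.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# First ten lines of the firewall log quoted in the ticket description.
TICKET_LOG = """\
Apr 20 19:28:33 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 19:21:02 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:20:30 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:15:21 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:10:31 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 19:04:29 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 19:04:20 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 19:04:17 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
Apr 20 18:59:20 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [FIN Scan]
Apr 20 18:53:08 DOS [TCP]: Attack Outgoing 192.168.0.100->0.0.0.0 [ACK Scan]
"""

# Fields: timestamp, protocol, direction, source, destination, alert type.
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) DOS \[(\w+)\]: Attack (\w+) (\S+)->(\S+) \[(\w+) Scan\]$")
BURST_PER_MINUTE = 100  # assumed triage threshold, not a value from the ticket


def triage(log, year=2000):
    """Summarise 'scan' alerts; `year` is a placeholder, the log has none."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skips blank lines and elisions
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(5), m.group(6)))
    events.sort()
    peak, start = 0, 0  # most alerts inside any 60-second sliding window
    for end, (ts, _, _) in enumerate(events):
        while ts - events[start][0] >= timedelta(seconds=60):
            start += 1
        peak = max(peak, end - start + 1)
    return {
        "by_type": dict(Counter(kind for _, _, kind in events)),
        "peak_per_minute": peak,
        # 0.0.0.0 is not a routable destination, so the log carries no usable
        # peer address and cannot show how many hosts or ports were touched.
        "peer_recorded": bool({d for _, d, _ in events} - {"0.0.0.0"}),
        "burst": peak >= BURST_PER_MINUTE,
    }

if __name__ == "__main__":
    print(triage(TICKET_LOG))
```

On the quoted lines the peak is three alerts in one minute and no peer address is recorded, so the alerts alone give nothing to check against the relay's actual connections.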

comment:3 Changed 9 years ago by cypherpunks

Tor works fine. Everything is OK.

Thank you

comment:4 Changed 9 years ago by Sebastian

Resolution: invalid
Status: new → closed

comment:5 Changed 9 years ago by cypherpunks

I forgot that I still have the problem below.

apr 27 19:20:06.037 [Warning] eventdns: All nameservers have failed
apr 27 19:20:16.052 [Notice] eventdns: Nameserver 192.168.0.1:53 is back up
apr 28 11:38:37.028 [Warning] eventdns: All nameservers have failed
apr 28 11:38:47.043 [Notice] eventdns: Nameserver 192.168.0.1:53 is back up
apr 29 10:10:36.037 [Warning] eventdns: All nameservers have failed
apr 29 10:10:46.052 [Notice] eventdns: Nameserver 192.168.0.1:53 is back up
apr 30 04:22:57.032 [Warning] eventdns: All nameservers have failed
apr 30 04:23:07.063 [Notice] eventdns: Nameserver 192.168.0.1:53 is back up

comment:6 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:7 Changed 7 years ago by nickm

Component: Tor Relay → Tor