Interesting type of attack: People sending out TCP packets with a spoofed source address, targeting port 22 on random (or not) IP addresses on the net.
Not to probe whether there's SSH on that server, but to generate abuse reports against the spoofed IP, in order to force it off the net.
https://delroth.net/posts/spoofed-mass-scan-abuse/
Keep this in mind when you receive abuse reports. Especially if you're an ISP.
[#]infosec #networking #sysadmin
=> More informations about this toot | More toots from scy@chaos.social
@scy that is actually an issue on the Tor ML, since some relay Servers were also used. See also https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/85
=> More informations about this toot | More toots from korrupt@nrw.social
@korrupt @uhuru Yes, currently this appears to be targeted against Tor. The whole article is talking about that.
But since the attack is not Tor-specific in any way (and I fully expect it to be used against other things and groups of people in the future), I didn't mention it. Tor admins probably already know about it, and I don't want others to dismiss it as "oh, that's just a Tor problem".
=> More informations about this toot | More toots from scy@chaos.social This content has been proxied by September (3851b).Proxy Information
text/gemini