kidoo
Multithreading Wizard
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
As reported by researchers:
In recent days, Tor node operators have been receiving a deluge of suspicious activity notifications related to the alleged abuse of their IP addresses. These notifications report multiple failed SSH login attempts purportedly originating from Tor nodes, which may indicate brute-force attacks.
How the Scheme Works
The attackers are using fake Tor node IP addresses in a massive brute-force attack on honeypots and intrusion detection systems (IDS). These systems are configured to automatically send complaints when suspicious activity is detected. The resulting fake messages create a flood of false notifications that create the false impression that Tor nodes are engaged in illegal activities.
The Aftermath of the Attack
The scheme causes Tor node IP addresses to be blacklisted and given a “bad reputation.” ISPs are starting to block or disable access to these nodes, which is a serious blow to the Tor network, since each node that is disabled weakens its infrastructure, which is vital for the anonymity of its users.
Results of the attack: damaged reputation and limited access to Tor nodes
Tor node operators are asked to actively appeal to ISPs so that their IP addresses are not blocked
ISPs are advised to carefully check complaints and be aware that data can be spoofed by attackers
In recent days, Tor node operators have been receiving a deluge of suspicious activity notifications related to the alleged abuse of their IP addresses. These notifications report multiple failed SSH login attempts purportedly originating from Tor nodes, which may indicate brute-force attacks.
How the Scheme Works
The attackers are using fake Tor node IP addresses in a massive brute-force attack on honeypots and intrusion detection systems (IDS). These systems are configured to automatically send complaints when suspicious activity is detected. The resulting fake messages create a flood of false notifications that create the false impression that Tor nodes are engaged in illegal activities.
The Aftermath of the Attack
The scheme causes Tor node IP addresses to be blacklisted and given a “bad reputation.” ISPs are starting to block or disable access to these nodes, which is a serious blow to the Tor network, since each node that is disabled weakens its infrastructure, which is vital for the anonymity of its users.
Results of the attack: damaged reputation and limited access to Tor nodes
Tor node operators are asked to actively appeal to ISPs so that their IP addresses are not blocked
ISPs are advised to carefully check complaints and be aware that data can be spoofed by attackers