Is there an ongoing attack on the Tor network right now?

My relay was doing some weird stuff.

I got abuse reports even though I am not running an Exit relay.

Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: https://forum.torproject.org/t/tor-relays-tor-relays-source-ips-spoofed-to-mass-scan-port-22/15498/14

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: https://delroth.net/posts/spoofed-mass-scan-abuse/

@SecurityWriter #AdBlocking is both a #security and #accessibility tool!

I often feel the struggle of using a Google Pixel (P7) with #GrapheneOS. Most of my friends have the latest iPhones and can do pretty much everything faster than I can. This is not a Graphene issue as such, I also use #orbot to route most of my traffic through #Tor, making my connection a little slower. I've also got strict DNS rules set up through #NextDNS and I occasionally get caught out trying to access a blocked site...