On my blog: One weird trick to get the whole planet to send abuse complaints to your best friend(s)
https://delroth.net/posts/spoofed-mass-scan-abuse/
Summary of my adventures from last evening, as read in this Mastodon thread: https://mastodon.delroth.net/@delroth/113387965977159983
Update: I got an email from Hetzner's legal team today saying they came across my blog post (nice!). Paraphrasing:
- They're monitoring and understand that there is no actual abuse being done from these Tor relays getting spoofed.
- They emphasized that they do not routinely take action on this kind of abuse complaint, and that's why they forward them without requiring reply/action from the customer.
Love hearing this, and I'm actually impressed by Hetzner's response! Major props.
New update: the CTO from "watchdogcyberdefense.com" has been in my emails, and I can only summarize our exchanges by my current feeling of "wow there should be an exam to be allowed to send more than N abuse complaints/day".
To quote from them: they're seeing "1.3 billion attacks logged in the past 24h", they claim IPs are infected because VirusTotal says so, and they're trying to make a deal with me where if I iptables OUTPUT DROP their network they'll stop sending abuse complaints to Hetzner.