(November IP Spoofing) Provider contacts me

Hello TOR Community,
since my English is not sufficient to write the text, for your information, I will have it translated via Deepl.

The following issue:
My internet provider wrote to me, my public IP was used to attack other computers via PORT 22.

My setup:
I operate a TOR relay in my home network. In a Proxmox VM with Ubuntu. I installed the package sources from the TOR project in the VM. My system was therefore up-to-date and also ran very reliably and stably.

Why do I think this has to do with TOR?
Out of concern that a hacker was sitting in my system, I immediately looked into the matter. I spoke to other IT nerds via Discord, one of whom also has a TOR relay and runs it in the data center at HETZNER. He told me that he currently has the same problem. He was also contacted. He showed me chat logs and emails as proof.

My question:
How safe is it to operate a TOR relay in the home network? Are there already similar cases and can anyone tell me more about this? Has anyone had similar problems?

I have switched off my TOR relay for security reasons. I closed the PORT.

The mail from the provider

On request, my provider gave me the log files

1 Like

Edit: I assumed you run an exit relay?
Edit2: OK, looks like other replies are correct, I was not aware of that.

Old reply

Not safe, legally.

Tor is abused for hacking and other bad stuff all the time. It’s just how the network works, and it’s not because you got hacked.

Yes, this happens all the time.

There is a page dedicated to it:

Tor Project | Community and legal resources

This is very likely connected to this topic: Defending the Tor network: Mitigating IP spoofing against Tor | The Tor Project

6 Likes

Everything is fine. Telekom sent me the same letter. As many others, you are the target of an IP spoofing attack, described in the link @atari posted.

As many other ISPs, Deutsche Telekom does not understand how the internet works.

2 Likes

I am very relieved thx

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.