A network intrusion attempt from XXX.XXX.XXX.XXX has been detected. TOR

Unifi keeps yelling at me that it’s blocking intrusions from known TOR exit nodes on my farm VM (Debian CLI). I disabled forwarding of 8444 and it continues. There is nothing but my Chia Farm on this VM. Any concern?


Not an IT guy myself, but it tracks that we’re higher value targets. Thieves and North Korea can’t resist, we broadcast our IP address just by the nature of the software we run.

I have shut down the VM and the alerts have stopped. This is making me think it’s false positives for legitimate traffic. Unless the adversary is only looking for currently active nodes. Unify doesn’t describe what happened. Just that an intrusion was detected.

I have it on a VLAN. but I’d like to get to the bottom of it.

Recheck you network setup. Since you shut down the Vm and the error went away. Why do you have it on a VLAN, just asking, all your TAG’s are correct?

I have any server/peering/IoT on a VLAN. For this very reason. A level of confidence that any breach or unscrupulous app I inadvertently install has a smaller blast radius.

My VLAN is fine. Why do you suggest misconfiguration as a possibility for the alerts?

When I took care of a VOIP Dev lab in Boca Raton, Fl there were many setups with small boo-boo’s that caused issues. That’s why a recheck is easy to do.

1 Like

No other thoughts here? This must be a fairly common alert. Why are TOR exit nodes involved?

Interestingly - I restored my farm and the alerts haven’t started again. I can only assume these WERE attacks that have subsided since I dropped off the pool of IPs. It’s been a few days now.