I am receiving more and more trouble from running an exit node here.
Perhaps we should refuse to support US legislation?
On 10/04/2016 06:35 PM, Green Dream wrote:
> @keb:
>
>> It is not our problem if someone uses
>> the telecom network to read/write data to a vulnerable server - it is
>> the vu
@keb:
> It is not our problem if someone uses
> the telecom network to read/write data to a vulnerable server - it is
> the vulnerable server's problem to fix.
Sounds great, but this is not how it works in the real world.
> The ISP (and Tor network) are
> only responsible for delivering the pa
Is the distinction between knowledge after the fact and knowledge at
the time of occurence of "bad traffic" not important?
I'm all for reducing bad traffic, but where does the line get drawn?
I've also been dealing with multiple abuse reports on Digital Ocean.
Quite a few common abuse ports are a
What should a tor exit op do? Ban the user? exits get the traffic from middle
nodes and we cant tell (by design) who anyone is. We can block ips but that is
not really helping with bots who tries to find vulnerabilities and scan large
blocks.
markus
Sent from my iPad
> On 4 Oct 2016, at 23:55
If I understand that well ... if tor operator is avare, that his tor node is
used for illegal activity (when their ISP told them about that) and he's not
going to do anything abou that, he wont be guity by complicity?
"On 04.10.16 22:37, oco...@email.cz wrote:
> Tor and IPS has both it's own na
On 04.10.16 22:37, oco...@email.cz wrote:
> Tor and IPS has both it's own nature and you shouldn't be punished, if
> your intension was just to filter the bad traffic.
And who is to decide what constitutes "bad traffic"? I am not a lawyer,
but in Germany one of the cornerstones of not being held
Everything is easy when you hit the base of the problem and you're able to
change it. I don't know what kind of community gathers here. Let's see where
the discussion leads.
Petr
"Just for shits and giggles:
Do you have a good, easy, workable solution to this complex problem?
Markus
2016-1
This is really interesting. I just don't understand, how you can be
responsible for the traffic, when you use the IPS. Tor and IPS has both it's
own nature and you shouldn't be punished, if your intension was just to
filter the bad traffic. Can you be more specific about some real case, when
thi
Just for shits and giggles:
Do you have a good, easy, workable solution to this complex problem?
Markus
2016-10-04 22:19 GMT+02:00 :
> And I'm not against you (tor admins/operators) ;)
>
> I'm really glad that this discussion started, let's see, if we can find some
> solution.
>
> Just 2 make
Okay, I am getting confused.
(OSI model here)
ATM we are traffic shaping/blocking at layer 3
DNS is layer 7.
destination IP and port should be layer 1-4, right?
Markus
2016-10-04 22:18 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
>> Thank you ver
And I'm not against you (tor admins/operators) ;)
I'm really glad that this discussion started, let's see, if we can find some
solution.
"Just 2 make 1 thing clear: Its not we against you (ISPs).
Working myself years ago at an ISP I know the trouble and I understand
the issues.
Markus
201
On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
> Thank you very much, interesting. So I could block URLs but not on
> deep packet inspection?
That's where it starts to get murky: where do headers end and contents
begin? It depends what protocol layer you're looking at. Law-makers
spe
Thank you very much, interesting. So I could block URLs but not on
deep packet inspection?
Markus
2016-10-04 22:04 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
>> Everyone is running a reduced exit policy ... I only allow HTTP +
>> HTTPS and I know
On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
> Everyone is running a reduced exit policy ... I only allow HTTP +
> HTTPS and I know nobody who allows port 25 at the end of the day
> we all shape our exit traffic.
Choosing what to do with your traffic based on headers is fundam
The BEST relay I can see is
https://torstatus.blutmagie.de/router_detail.php?FP=3181f36ce226b30bd2845872655d55e7d0b4a846
with whopping 776 KByte/sec
95% of the amazon relays are dead. zero traffic.
Markus
2016-10-04 21:53 GMT+02:00 nusenu :
>> Awhile ago Tor blocked relays from running on Am
Everyone is running a reduced exit policy ... I only allow HTTP +
HTTPS and I know nobody who allows port 25 at the end of the day
we all shape our exit traffic.
Markus
2016-10-04 21:42 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 10:21:14AM -0500, BlinkTor wrote:
>> The technical
> Awhile ago Tor blocked relays from running on Amazon AWS (after there was
> an attach that originated from Amazon-hosted nodes). Google GCE was also
> blocked. See this thread about it from last year when I tried to run a node
> on google's cloud:
> https://lists.torproject.org/pipermail/tor-rela
On Tue, Oct 04, 2016 at 10:21:14AM -0500, BlinkTor wrote:
> The technical problem is that implementing IPS in Tor would be massively
> non-trivial.[...]
>
> The political problem is, what gets blocked by TIPS and what doesn???t? Who
> gets to decide? What if some of those brute-force SSH or DOS
Just 2 make 1 thing clear: Its not we against you (ISPs).
Working myself years ago at an ISP I know the trouble and I understand
the issues.
Markus
2016-10-04 19:49 GMT+02:00 :
> Hello,
>
> I'm the ISP technician who is negotiating with Paul who started this thread.
> I just read this whole di
Hello,
I'm the ISP technician who is negotiating with Paul who started this thread.
I just read this whole discussion and I think that there are few things
which need to be mentioned.
The threat of blocked subnet is real. It happened once to us and we don't
want to experience that anymor
2016-10-04 19:21 GMT+02:00 Tristan :
> I hate Webiron. They never marked any of my IP abuses as resolved, even
> though I responded and revised my exit policy within 24 hours of the
> complaint.
>
>
Ticket or e-mail?
Markus
___
tor-relays mailing list
t
I hate Webiron. They never marked any of my IP abuses as resolved, even
though I responded and revised my exit policy within 24 hours of the
complaint.
On Oct 4, 2016 12:10 PM, "Markus Koch" wrote:
> 100% agreed.
>
> Just let us kick out the bots ...
>
> Offending/Source IP: 95.85.45.159
>
100% agreed.
Just let us kick out the bots ...
Offending/Source IP: 95.85.45.159
- Issue: Source has attempted the following botnet activity:
Semalt Referrer Spam Tor Exit Bot
I am not in for free speech for bots and anything without a pulse.
markus
Hello!
=== You are receiving this e
Am 04.10.2016 um 18:46 schrieb Moritz Bartl:
> Still, this will not help in this (and related) cases: I have not yet
> seen proven cases where the reputation of the netblock was endangered,
> but if an ISP is afraid of that, there's no good way to cooperate. An
> IDS is their obvious suggestion,
Am 04.10.2016 um 18:24 schrieb krishna e bera:
> What if someone who doesnt like Tor project is deliberately accessing
> honeypots in order to get exit nodes shut down?
That seems kind of easy, because there are some certain spots where you can
assume those pots to be and depending on the respo
On 10/04/2016 06:23 PM, Tristan wrote:
> Wouldn't it be interesting if we could set up some kind of central "Tor
> Abuse Center" where all the complaints go, and all the relay operators
> can help respond to them. I suppose it would be pretty chaotic though...
We actually discussed this briefly ag
What if someone who doesnt like Tor project is deliberately accessing
honeypots in order to get exit nodes shut down?
We need to establish some sort of legal or political solidarity to tell
ISPs to be net neutral with us. It is not our problem if someone uses
the telecom network to read/write data
Wouldn't it be interesting if we could set up some kind of central "Tor
Abuse Center" where all the complaints go, and all the relay operators can
help respond to them. I suppose it would be pretty chaotic though...
On Oct 4, 2016 11:18 AM, "pa011" wrote:
> Yes its ISP - plus 10 times more fire-
Yes its ISP - plus 10 times more fire-power both, Markus and me
which is 10 times more work, sadly :-(
Am 04.10.2016 um 18:12 schrieb Markus Koch:
> Short answer: ISP
>
> I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and
> I get weekly mass reports from DigitalOcean.
> And t
Short answer: ISP
I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and
I get weekly mass reports from DigitalOcean.
And the thing that pisses me off is: Its all bots or Tax spam or other
stuff I got weeks/months ago. Different day, same shitty abuse mail.
Markus
2016-10-04 18:0
I don't know what I'm doing different, because I only got 2 complaints in
the last 2 months, and that was for SSH and SQL stuff.
On Oct 4, 2016 11:01 AM, "pa011" wrote:
> Me too Markus -could fill a folder with that tax issue :-((
> Costing a lot of time to answer and restrict the IPs
>
> Plus m
Me too Markus -could fill a folder with that tax issue :-((
Costing a lot of time to answer and restrict the IPs
Plus my ISP moaning with good reason: "It's not just about you, but you're
giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs which
are potentionaly endagered to
same shit here:
Dear User,
We are contacting you because of unusual activity coming from your IP
address towards the IT infrastructure of the European Commission.
In specific, since 03/10/2016, IP addresses 95.85.45.159 &
104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and
the USA
Am 04.10.2016 um 16:48 schrieb krishna e bera:
> On 04/10/16 08:48 AM, pa011 wrote:
>> One of my main ISP is going mad with the number of abuses he gets from my
>> Exits (currently most on port 80).
>> He asks me to install "Intrusion Prevention System Software" or shutting
>> down the servers.
> On Oct 4, 2016, at 7:48 AM, pa011 wrote:
>
> One of my main ISP is going mad with the number of abuses he gets from my
> Exits (currently most on port 80).
> He asks me to install "Intrusion Prevention System Software" or shutting down
> the servers.
> He personally recommends Snort or Suri
On 04/10/16 08:48 AM, pa011 wrote:
> One of my main ISP is going mad with the number of abuses he gets from my
> Exits (currently most on port 80).
> He asks me to install "Intrusion Prevention System Software" or shutting down
> the servers.
You can first ask him for a copy of the complaints i
Awhile ago Tor blocked relays from running on Amazon AWS (after there was
an attach that originated from Amazon-hosted nodes). Google GCE was also
blocked. See this thread about it from last year when I tried to run a node
on google's cloud:
https://lists.torproject.org/pipermail/tor-relays/2015-Au
One of my main ISP is going mad with the number of abuses he gets from my Exits
(currently most on port 80).
He asks me to install "Intrusion Prevention System Software" or shutting down
the servers.
He personally recommends Snort or Suricata.
As far as I understand implementing such a software
On 03.10.16 18:13, Ralph Wetzel wrote:
> I've just created a small modification so that The Box supports now
> APScheduler v3.x as well as v2.x. Be aware that this is not heavily
> tested - yet works flawless in my development environment.
Thanks. The new version works for me with APScheduler 2 o
39 matches
Mail list logo
