Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread oconor
We're back to IPS, which can drop the specific malicious traffic. I've been speaking with the lawyer a few minutes ago. He told me that there is a pressure to put all the responsibility for the traffic to the ISPs. Well ... what are the ISPs most probably going to do ... ? They can ban all tor exit

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread teor
> On 5 Oct 2016, at 18:10, wrote: > > We're back to IPS, which can drop the specific malicious traffic. I've been > speaking with the lawyer a few minutes ago. He told me that there is a pressure > to put all the responsibility for the traffic to the ISPs. Well ... what are > the ISPs most pro

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Mirimir
On 10/05/2016 01:27 AM, teor wrote: > >> On 5 Oct 2016, at 18:10, >> wrote: >> >> We're back to IPS, which can drop the specific malicious traffic. >> I've been speaking with the lawyer a few minutes ago. He told me >> that there is a pressure to put all the responsibility for the >> traffic to t

[tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread teor
Hi, Does anyone have experience running a long-lived Exit on OVH / So You Start? We've just received a threat to shut down our OVH Exit due to abuse complaints. We were responding to these automated reports (mainly SSH brute force) with template responses, offering to block the destination IP an

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread oconor
Let's take it from the end. - nowadays we use IPS to filter over 130k webhosting accounts. It's up to the admin to set what exactly should be filtered. It's definitely not about the used sw. - I don't know how this BadExit evaluation thing works - if it values nodes automatically by acces

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Roman Mamedov
On Wed, 5 Oct 2016 18:55:26 +1100 teor wrote: > Does anyone have experience running a long-lived Exit on OVH / So You Start? > > We've just received a threat to shut down our OVH Exit due to abuse > complaints. > We were responding to these automated reports (mainly SSH brute force) with > tem

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Артём
I am running an exit relay on OVH VPS for almost a year: 5CA2D60F30F6A2FE61F66CAB248C5484AC3F13B1 During that time I received about 5 abuse reports, most of them were about SYN flood. Also, I experienced some strange bandwidth limitation during February 2016, but in March this limitation silently

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Michael Armbruster
On 2016-10-05 at 09:55, teor wrote: > Hi, > > Does anyone have experience running a long-lived Exit on OVH / So You Start? > > We've just received a threat to shut down our OVH Exit due to abuse > complaints. > We were responding to these automated reports (mainly SSH brute force) with > templa

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
> - During my praxis, I've met only like 10% of customers (tor exit node) with > real data - unfortunately ISP is not the one who can judge that - we have to > trust our customer > TIL that I am an idiot for using my real data. How do they pay? With all of my webhosting companies I pay with PayPa

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Ralph Seichter
On 04.10.2016 23:55, oco...@email.cz wrote: > If I understand that well ... if tor operator is aware, that his tor > node is used for illegal activity (when their ISP told them about that) > and he's not going to do anything about that, he won't be guilty by > complicity? Like I said, I am no lawyer

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
Sounds great, but the reality is many sites will not block Tor traffic but will send (automated) abuse mails over and over and over again. Had this with a bank in South Korea who sent weekly abuse mails with "we will sue you in the USA, we will sue you in South Korea and we will never ending suing y

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread oconor
usually bitcoins ... but there were also many cases of strawperson accounts via stolen ID card or other techniques. We solve that almost on a daily basis with police. "> - During my praxis, I've met only like 10% of customers (tor exit node) with > real data - unfortunately ISP is not the one who

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Ralph Seichter
On 05.10.16 13:16, Markus Koch wrote: > reality is many sites will not block Tor traffic but will send > (automated) abuse mails over and over and over again. True, sadly. And like you said it is their right not to block Tor based traffic. But it is your right not to heed their ongoing complaints

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
Different viewpoint: I pay $5 + Taxes (WTF?) for a droplet with DigitalOcean I pay $7,5 for a VPS with Hostwinds Someone has to get the abuse mail, check where to send them and then mark this issue as solved. From an economic standpoint this is a shitty idea. I cost them more than I pay. Even if

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread oconor
Unfortunately for us (as an ISP) it's not just about passing these messages. If we don't want to be accused of not stopping something illegal we knew about, we need some feedback - what has been done to prevent this from happening in the future. If there is no feedback, we usually disconnect the serv

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
But this is not only related to Tor sites? May I ask for your websites so I can understand why you get so much fraud? Working with an ISP years ago, we didn't have this issue so often. There were users not paying but it was less fraud and more broke. Markus 2016-10-05 13:19 GMT+02:00 : > usual

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Tristan
Interesting seeing as how OVH is one of the biggest VPS services running Tor exits. On Oct 5, 2016 3:10 AM, "Roman Mamedov" wrote: > On Wed, 5 Oct 2016 18:55:26 +1100 > teor wrote: > > > Does anyone have experience running a long-lived Exit on OVH / So You > Start? > > > > We've just received a

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Markus Koch
*cough* Resellers *cough* 2016-10-05 14:21 GMT+02:00 Tristan : > Interesting seeing as how OVH is one of the biggest VPS services running Tor > exits. > > > On Oct 5, 2016 3:10 AM, "Roman Mamedov" wrote: >> >> On Wed, 5 Oct 2016 18:55:26 +1100 >> teor wrote: >> >> > Does anyone have experience

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread oconor
Nope I'm speaking generally about frauds we have to solve. Just a few cases were connected directly to offenders who run tor on a fake ID and use it purposely as a cover for illegal activity. Other cases usually use tor as a medium to anonymize their activity (unfortunately no IPS would help here).

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Patrick DERWAEL
Hi, I was considering moving my relay to OVH and asked them about their policies The answer is that Tor is tolerated on physical servers, but strictly forbidden on VPS And BTW, their support is indeed terrible... So, if someone could recommend a Tor friendly ISP in Belgium, I would be pretty much

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
Okay, I'll volunteer as a guinea pig if you are okay with it, I'll get 2 VPSs and you do your Snort magic on them. Worst case is that we all know it isn't working and we have learned something :) Markus 2016-10-05 14:06 GMT+02:00 : It's really time consuming and that's > why I would like to c

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread oconor
I wish I had spare time for doing that magic ... I think that the easier solution for me as an ISP is to shut the node down. -- Original message -- From: Markus Koch To: tor-relays Date: 5. 10. 2016 15:07:37 Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Ralph Seichter
On 05.10.2016 14:06, oco...@email.cz wrote: > Unfortunately for us (as an ISP) it's not just about passing these > messages. If we don't want to be accused from not stopping something > illegal we knew about, we need some feedback - what have been done to > prevent this to happen in the future. I

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Andreas Krey
On Wed, 05 Oct 2016 15:40:49 +, Ralph Seichter wrote: ... > I can see what motivates you. Personally, I can't think of a scenario > where I would use automation to set outbound traffic policies (inbound > traffic is a different matter, fail2ban comes to mind). How this? Everything to the OR po

Re: [tor-relays] Dealing with OVH Abuse Complaints

2016-10-05 Thread Schokomilch NOC
The problem with Belgium isn't finding a Tor friendly provider, the problem is that bandwidth costs a lot of money, very weird considering Belgium is supposed to be a developed nation (up until recently, residential lines had a traffic limit too, maybe they still do): http://www.belgonet.com/

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Ralph Seichter
On 05.10.2016 16:03, Andreas Krey wrote: > Everything to the OR port needs to pass in, esp. when you act as a > guard, and fail2banning the ssh port, hmm. Everything else is closed > anyway. What I meant is that I can see a use for automation when it comes to securing a server -- not necessarily

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
@Mirimir: >> IPS aren't perfect - they let some unwanted traffic through, and >> block other traffic that is totally ok. > That is an issue. But there are many exits, so eventually users should > find one that works well enough for their purposes. Re-read what you said and think about this fr

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
These are getting rare. It is much easier to get a seedbox than a tor exit. I had even bulletproof ISPs who don't want to host exits. Believe me, I was chatting/mailing ISPs for days and it's a mess. Markus PS: Tor changed years ago the exit policy and since then Tor is not anymore one big torrent

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Tristan
Be that as it may, there must be *something* we can do about this as relay operators. If you get caught doing something illegal on your home Internet connection, there are warnings, and eventually consequences (like being disconnected). Just because you run a Tor relay doesn't mean the rules don't

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Mirimir
On 10/05/2016 12:58 PM, Green Dream wrote: > @Mirimir: > > >>> IPS aren't perfect - they let some unwanted traffic through, and >>> block other traffic that is totally ok. > > >> That is an issue. But there are many exits, so eventually users should >> find one that works well enough for their

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Andreas Krey
On Wed, 05 Oct 2016 13:48:19 +, Mirimir wrote: ... > exits unpredictably unreliable. On the other hand, IPS that only blocked > automated crap would be a win for real users, relay operators and ISPs, > no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh > baz@w.x.y.z ..." get throug

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Mirimir
On 10/05/2016 02:39 PM, Andreas Krey wrote: > On Wed, 05 Oct 2016 13:48:19 +, Mirimir wrote: > ... >> exits unpredictably unreliable. On the other hand, IPS that only blocked >> automated crap would be a win for real users, relay operators and ISPs, >> no? Why should "... ssh foo@w.x.y.z ... ss

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
@Tristan: > there must be something we can do about this as relay > operators. No, we don't need to do anything. Tor has been running under these principles of uncensored access for a long time. Find an ISP that understands Tor, appreciates the nature of the service and its value, and is willing

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
> > > No, we don't need to do anything. Tor has been running under these > principles of uncensored access for a long time. Find an ISP that > understands Tor, appreciates the nature of the service and its value, > and is willing to work with you in a reasonable manner on abuse > complaints. It's t

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
> You are ignoring completely reality, aren't you? No, I'm describing the status quo, how Tor already operates. "Don't run IPS/Snort on exits" has been a long standing response from the Tor folks. It looks to me like that response is essentially unchanged.

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Ralph Seichter
On 05.10.16 23:18, Green Dream wrote: > Yes we need to be responsive to abuse complaints, but no, we don't > have to implement IPS systems or proactively block traffic just to > appease an ISP who gets stressed out by automated abuse complaints. That. Blocking traffic should be a last resort, and

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Markus Koch
No, you are not. It's not as simple as "just find an ISP". The Tor network is made up of volunteers, so you need a: 1. ISP with more than laughable traffic limits 2. Tor friendly 3. Cheap 4. and with traffic connections that the Tor network likes That's not easy. OVH (the biggest in Tor) is pissed

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
@Markus Okay, so you are offended by the phrase "it's that simple". Sorry, if I could remove that sentence I would. I didn't mean to imply that running an exit was trivial or easy. Otherwise, I stand by my argument -- automated filtering or blocking is not the right answer. The co-founder of Tor

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Tristan
Then what _can_ we do? Because as it stands, Tor is the perfect tool for criminals, and your stand is "do nothing." An ISP can trace illegal activity to a user, we can't. Even if Tor is considered an ISP in that sense, the rules vary by country, maybe even by provider. I'm beginning to think there is

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
> I'm beginning to think there is no real solution to the problem. As long as Tor > serves its purpose of providing uncensored access to the Internet, bad guys > will always abuse it, and the operators will almost always be at odds with > their ISP. Anything we try to do to block abuse will destroy the

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Tristan
Well, this sentence from the EFF gives me some peace of mind: "You are not helping criminals by using Tor any more than you are helping criminals by using the Internet." I still wish there was a better way to handle things, but at this point I'm just begging the question. On Wed, Oct 5, 2016 at 5

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread krishna e bera
On 05/10/16 06:20 PM, Green Dream wrote: Criminals using Tor is not a new problem. It's addressed as the first question in the Abuse FAQ, here: https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutCriminals and it's discussed by the EFF here: https://www.eff.org/deeplinks/2014/07/7-things-

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Andreas Krey
On Wed, 05 Oct 2016 14:52:53 +, Mirimir wrote: ... > >> no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh > >> baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could ... > > for i in subdir/*; do ssh host mkdir -p "$i"; done > > > > with an ssh-agent would look

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

2016-10-05 Thread Green Dream
>> > for i in subdir/*; do ssh host mkdir -p "$i"; done >> > >> > with an ssh-agent would look pretty exactly the same to the exit node. >> >> OK, so I left out the "Permission denied, please try again." bits :) > > The exit node doesn't see that - that's the point of ssh. It can > at best look a