[tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)
Neel Chauhan
neel at neelc.org
Thu May 24 20:09:25 UTC 2018
Hi tor-relays mailing list,
Good news! Verizon unblocked tor26 (86.59.21.38).
I posted something similar on NANOG (with modifications for network
people) here:
https://mailman.nanog.org/pipermail/nanog/2018-May/095386.html
Someone nice at Verizon must have read NANOG (VZ NOC people probably do
read NANOG) and unblocked tor26. Here is a (successful) traceroute:
neel at flex:~ % traceroute 86.59.21.38
traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
1 unknown (192.168.1.1) 0.886 ms 0.567 ms 0.460 ms
2 lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1) 2.437 ms
2.129 ms 1.127 ms
3 B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94) 3.957 ms 5.827
ms
B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96) 5.022 ms
4 * * *
5 0.et-11-1-5.BR3.NYC4.ALTER.NET (140.222.2.131) 3.527 ms
0.et-5-0-2.BR3.NYC4.ALTER.NET (140.222.239.37) 4.578 ms
0.et-11-1-5.BR3.NYC4.ALTER.NET (140.222.2.131) 18.629 ms
6 204.255.168.118 (204.255.168.118) 4.764 ms 8.144 ms 7.132 ms
7 sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165) 70.718 ms
sl-crs1-lon-0-6-2-0.sprintlink.net (144.232.13.44) 79.200 ms
144.232.13.112 (144.232.13.112) 78.583 ms
8 144.232.13.108 (144.232.13.108) 83.652 ms
213.206.129.100 (213.206.129.100) 86.477 ms 83.988 ms
9 217.149.32.65 (217.149.32.65) 100.367 ms 95.808 ms
sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139) 85.614 ms
10 217.149.47.46 (217.149.47.46) 84.036 ms 84.193 ms 83.651 ms
11 ams5-core-1.bundle-ether1.tele2.net (130.244.82.54) 79.584 ms
79.037 ms 78.659 ms
12 ams-core-2.bundle-ether9.tele2.net (130.244.82.57) 91.635 ms
94.684 ms 93.261 ms
13 wen3-core-2.bundle-ether15.tele2.net (130.244.71.47) 105.583 ms
105.421 ms 105.308 ms
14 tele2at-bundle2-vie3.net.uta.at (212.152.189.65) 112.490 ms
105.685 ms 111.003 ms
15 86.59.118.145 (86.59.118.145) 130.001 ms 138.869 ms 106.799 ms
16 tor.noreply.org (86.59.21.38) 106.681 ms 105.468 ms 105.891 ms
neel at flex:~ %
(it's on a different laptop, my 'xb2' refuses to charge now, still same
connection however).
Now no consensus relays are blocked on FiOS!
Although **most** Verizon NOC people probably don't read tor-relays
(unlike NANOG's mailing lists), but to the person who read my NANOG post
and unblocked tor26 (86.59.21.38), thank you so much!
Thank You,
Neel Chauhan
===
https://www.neelc.org/
On 2018-05-15 20:12, Neel Chauhan wrote:
> Hi tor-relays mailing list,
>
> I have noticed that the Tor consensus server tor26
> (https://metrics.torproject.org/rs.html#details/847B1F850344D7876491A54892F904934E4EB85D)
> is blocked on Verizon's UUNET (AS701) backbone, and therefore,
> Verizon's retail services like FiOS and Wireless. I can confirm this
> on FiOS, but I don't use Verizon Wireless (my smartphone uses Sprint)
> so I can't test it there.
>
> A traceroute to tor26's IP address 86.59.21.38 from a Brooklyn
> apartment shows this is filtered on Verizon's backbone:
>
> neel at xb2:~ % traceroute 86.59.21.38
> traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
> 1 unknown (192.168.1.1) 1.128 ms 0.780 ms 0.613 ms
> 2 lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1) 1.001 ms
> 3.632 ms 0.900 ms
> 3 B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96) 2.291 ms
> B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94) 3.172 ms
> 4.046 ms
> 4 * * *
> 5 * * *
> 6 * * *
> 7 * * *
> 8 * * *
> 9 * * *
> ^C
> neel at xb2:~ %
>
> In a normal traceroute, you will see ALTER.NET at hop 5. Also, the
> subnet 86.59.21.0/24 is not filtered on UUNET. A traceroute to
> 86.59.21.1 works:
>
> neel at xb2:~ % traceroute 86.59.21.1
> traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
> 1 unknown (192.168.1.1) 0.863 ms 0.757 ms 0.579 ms
> 2 lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1) 1.010 ms
> 1.545 ms 1.034 ms
> 3 B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96) 3.616 ms
> B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94) 5.696 ms
> 10.062 ms
> 4 * * *
> 5 0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127) 3.492 ms 3.506 ms
> 2.996 ms
> 6 204.255.168.118 (204.255.168.118) 8.462 ms 7.479 ms 7.252 ms
> 7 144.232.4.84 (144.232.4.84) 5.041 ms 4.688 ms
> sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165) 71.865 ms
> 8 sl-crs2-lon-0-0-3-0.sprintlink.net (213.206.128.181) 72.214 ms
> 73.579 ms 72.339 ms
> 9 213.206.129.142 (213.206.129.142) 81.390 ms
> sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139) 85.854 ms
> 93.238 ms
> 10 217.149.47.46 (217.149.47.46) 79.004 ms 85.669 ms 79.392 ms
> 11 ams5-core-1.bundle-ether1.tele2.net (130.244.82.54) 86.507 ms
> 78.374 ms 77.740 ms
> 12 ams-core-2.bundle-ether9.tele2.net (130.244.82.57) 79.642 ms
> 77.926 ms 81.515 ms
> 13 wen3-core-2.bundle-ether15.tele2.net (130.244.71.47) 105.400 ms
> 105.089 ms 109.751 ms
> 14 tele2at-bundle2-vie3.net.uta.at (212.152.189.65) 122.716 ms
> 110.820 ms 114.354 ms
> 15 86.59.21.1 (86.59.21.1) 106.389 ms * 105.379 ms
> neel at xb2:~ %
>
> I got in contact with Peter Palfrader and he says he couldn't help,
> and also with Verizon FiOS support and they said the filtering 'isn't
> on Verizon's network' (read: isn't on Verizon's internal FiOS network
> but still on Verizon's AS701 which I have to go to to get anywhere on
> the Internet here).
>
> I know that this IP could have been blackholed, and you may think that
> if Verizon is blocking it, then isn't Level 3 or Cogent? Well, Cogent
> doesn't block tor26:
>
> traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets
> 1 gi0-1-1-19.5.agr21.jfk02.atlas.cogentco.com (66.28.3.113) 0.727
> ms 0.727 ms
> 2 be2605.ccr41.jfk02.atlas.cogentco.com (154.54.1.153) 2.177 ms
> be2606.ccr42.jfk02.atlas.cogentco.com (154.54.2.29) 0.734 ms
> 3 be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86) 68.557 ms
> be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186) 70.829 ms
> 4 be12488.ccr42.ams03.atlas.cogentco.com (130.117.51.42) 74.570 ms
> be12194.ccr41.ams03.atlas.cogentco.com (154.54.56.94) 76.767 ms
> 5 be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 74.515 ms
> 74.612 ms
> 6 149.6.129.250 (149.6.129.250) 80.758 ms 74.625 ms
> 7 ams5-core-1.bundle-ether1.tele2.net (130.244.82.54) 75.421 ms
> 75.425 ms
> 8 ams-core-2.bundle-ether9.tele2.net (130.244.82.57) 74.516 ms
> 74.558 ms
> 9 wen3-core-2.bundle-ether15.tele2.net (130.244.71.47) 97.605 ms
> 95.470 ms
> 10 tele2at-bundle2-vie3.net.uta.at (212.152.189.65) 100.314 ms
> 97.947 ms
> 11 86.59.118.145 (86.59.118.145) 96.918 ms 98.620 ms
> 12 tor.noreply.org (86.59.21.38) 97.853 ms 98.110 ms
>
> (Source: http://www.cogentco.com/en/network/looking-glass)
>
> It could be possible that other Tier 1 networks formerly blocked
> tor26, and also unblocked, but Verizon was sloppy not to do so.
>
> It's also possible that Verizon could be doing it because the FCC
> repealed Net Neturality, and wants to discourage use of Tor to mine
> FiOS/VZW customers' browsing habits. But despite a NN repeal I can
> still access Tor on FiOS, and also run a relay (I do both) because
> other consensus relays are still unblocked.
>
> But if Verizon didn't unblock tor26, could it actually mean that
> Verizon wants to discourage Tor (and VPN/proxy) use to try to mine
> information of their customers (and sell ads/information) and direct
> users to VZ-owned AOL and Yahoo? Well, I hope they were just sloppy
> and don't mean to wage war on Tor.
>
> While I'm not saying you should avoid using anything Verizon at all
> costs (I certainly wouldn't want to go to the local cable company), I
> just want to point out a blocked consensus server.
>
> Thank You,
>
> Neel Chauhan
>
> ===
>
> https://www.neelc.org/
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list