[tor-relays] Middle relay IP blocking

Eddie stunnel at attglobal.net
Mon Aug 7 21:26:01 UTC 2023



On 8/7/2023 1:28 PM, s7r wrote:
> lists at for-privacy.net wrote:
>> On Samstag, 5. August 2023 08:40:42 CEST Marco Predicatori wrote:
>>> securehell at gmail.com wrote on 8/4/23 01:46:
>>>> I tried reporting a similar issue a few months ago (post wasn’t approved
>>>> by moderator). I was running a relay from my home ISP. After a short while
>>>> certain websites became inaccessible from other computers in my home
>>>> network that shared the same public IP. After trial and error with other
>>>> IP addresses (non-Tor) I realized commercial gateway services had
>>>> blacklisted our IP address.
>>>
>>> Same here, middle node. In order to access some sites, I have to shut down
>>> briefly my modem in order to obtain a new IP, and for a while all goes
>>> smoothly again.
>>
>> Hi @all,
>>
>> Just my 2 cents. Is this worth the hassle?
>> Calculate your power consumption 24x7x30 @home.
>>
>> For 1-5$ you can get a VPS.
>> This exit has 1GB RAM and 1CPU and costs $3.50/month
>> https://metrics.torproject.org/rs.html#details/376DC7CAD597D3A4CBB651999CFAD0E77DC9AE8C
>>
>> Search or ask for offers on LEB & LET:
>> https://lowendbox.com/
>> https://lowendtalk.com/discussion/185210/tor-relay-bridge
>>
>> $websearch: cheap vps unlimited bandwidth
>> IONOS 1,-EUR/Month - 1GB RAM - 1vCore unlimited bandwidth - prepaid (=no contract term)
>> https://www.ionos.de/server/vps
>>
>> Dedicated server for $15 per month: 4 Cores/4 threads - 16GB DDR3 - 5 usable IPv4  :-)
>> https://www.nocix.net/cart/?id=261
>
> While all the above is true, a thing to remember is to make sure we 
> don't end up all renting too many VPS'es or dedicated servers in the 
> same places / same AS numbers - we need network diversity, it is a 
> very important factor, more AS numbers, more providers, more physical 
> locations, etc. So, running at home is super good and recommended from 
> this perspective, provides us with the diversity we need, however not
> being able to log in to online banking to pay an electricity bill because of
> a middle relay is also way too annoying.. however who can afford the
> hassle should definitely run a middle relay or bridge at home (even 
> Exit relay, I do run an Exit relay at my office place and I had one 
> police visit in like 8 years or so).
>
> The problem here is with the people who treat 1 IP address = 1 person, 
> this assumption which is 3 decades old should disappear once and 
> forever. I cannot imagine what kind of an IT/security expert would use 
> a black list (haha) that contains Tor relays (double haha) and also 
> applies same restrictions to *middle* relays (triple haha). There are 
> so many ways to properly handle an IP address that sends 
> robotic/unrequested traffic which are so obvious I'm not going to spam 
> the list to enumerate them.

As much as I would like to laugh along with you, it's clearly the case 
from my experiences, and some of the folks in this thread, that there 
are some major outsourced firewall/protection companies who 
unfortunately do have the IT/security folks you can't imagine.  I've 
spoken to one senior network technician at a major US wide bank because 
after running a middle relay for 5 years with only minor issues, my wife 
who works from home for the bank was suddenly blocked from accessing the 
bank network.  He fully understood what a middle relay was and was quite 
happy for me to run one, but was unable to do anything as they had just 
outsourced the network "protection" and whoever they had outsourced to 
was classing the middle relay as a threat, and so blocking her access.

Cheers.


