<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div apple-content-edited="true"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="font-family: UICTFontTextStyleBody; font-size: 19px; -webkit-text-size-adjust: auto;"><br></div></div></div></div></div></div></div></div></div><div>On 25 Aug 2015, at 23:54, Heiko Tropartz <<a href="mailto:butary@gmx.de">butary@gmx.de</a>> wrote:<br><br></div><blockquote type="cite"><div style="font-family: Verdana;font-size: 12.0px;"><div> </div>
<div class="signature">Hello,</div>
<div class="signature"> </div>
<div class="signature">my ISP deactivated the network traffic of my tor-exit relay because the server is part of the following botnets:</div>
<div class="signature"> </div>
<div class="signature">- Wapomi<br>
- AldiBot<br>
- Darkness Bot</div>
<div class="signature"> </div>
<div class="signature">In the last 2 hours I analysed the sparse log files and checked the system by checksums I created after the installation.</div>
<div class="signature">The linux server is clean.</div>
<div class="signature"> </div>
<div class="signature">I send an answer to my ISP, that the server is only an exit-relay for Tor traffic. I also attached a list security software including configurations that I installed.</div>
<div class="signature">But the network traffic keeps blocked until I guarantee for a secure network traffic.</div>
<div class="signature"> </div>
<div class="signature">Can someone advise me what to do?</div>
<div class="signature">Any tips and hints?</div></div></blockquote><div><br></div>It's unfortunate your provider doesn't understand the concept of an overlay network, or even the concept of a proxy.<div><br></div><div>If they are going to continue to judge you by your traffic, here's how you can change the traffic allowed through your exit:</div><div><br><div>If the botnets connect to particular IP addresses or ports, you can block those in your Tor Exit policy or server firewall.</div><div><br></div><div>Alternately, if the complainants / honeypots are on particular IPs, you can block those.</div><div><br></div><div>You might have to ask your ISP what IPs or ports are generating the complaints.</div><div><br></div><div>Tim (teor)</div><div><br></div><div><br></div><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);">Tim Wilson-Brown (teor)</span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);">teor2345 at gmail dot com<br>pgp 0xABFED1AC<br><a href="https://gist.github.com/teor2345/d033b8ce0a99adbc89c5">https://gist.github.com/teor2345/d033b8ce0a99adbc89c5</a><br><br>teor at blah dot im<br>OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7</span></div></div><div><br></div><div><br></div></div></body></html>