<html><head></head><body><div class="ydpecc7f1e5yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div><div>Eddie,</div><div><br></div><div>When experiencing similar issues, the recommended solution I received, from this list, and that seems to work best is a VPN for affected traffic.</div><div><br></div><div>With dnsmasq, iptables or reverse proxy, and a dedicated split-tunnel vpn, I shunt affect traffic over the split-tunnel vpn without end-users on my local network even knowing.</div><div><br></div><div>Seems to work fairly well.</div><div><br></div><div>Best of luck.</div><div><br></div><div><br></div><div>Gary</div><div class="ydpecc7f1e5signature">—<br>This Message Originated by the Sun.<br>iBigBlue 63W Solar Array (~12 Hour Charge)<br>+ 2 x Charmast 26800mAh Power Banks<br>= iPhone XS Max 512GB (~2 Weeks Charged)</div></div>
<div><br></div><div><br></div>
<div id="ydpecc7f1e5yahoo_quoted_5452168429" class="ydpecc7f1e5yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Wednesday, June 15, 2022, 11:56:37 PM PDT, Eddie <stunnel@attglobal.net> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div dir="ltr">Have a question about how a server I connect to can tell I am running a <br></div><div dir="ltr">guard/middle relay. All I can think of is that they check the published <br></div><div dir="ltr">list of tor nodes against the IP. Or (maybe, but unlikely) portscan the <br></div><div dir="ltr">IP and probe any open ports to determine the service. Are there any <br></div><div dir="ltr">other methods that can be used.<br></div><div dir="ltr"><br></div><div dir="ltr">Background: The corp my wife works for blocked our IP. The excuse they <br></div><div dir="ltr">gave was that it was due to a change made by a vendor they use to <br></div><div dir="ltr">identify malicious IP addresses. I have been running the relay for <br></div><div dir="ltr">almost 5 years without any previous flagging. They also state that <br></div><div dir="ltr">running a middle relay is not in violation of any policy, but the vendor <br></div><div dir="ltr">mis-identified our relay as an exit, hence blocking it.<br></div><div dir="ltr"><br></div><div dir="ltr">After changing the IP, the new IP was also blocked in less than 24 <br></div><div dir="ltr">hours. My feeling is that the vendor is now just using the full list of <br></div><div dir="ltr">tor nodes and indiscriminately blocking everything, despite what the <br></div><div dir="ltr">corp security folks say.<br></div><div dir="ltr"><br></div><div dir="ltr">I'm looking for some sort of validation I can use to counter their claims.<br></div><div dir="ltr">_______________________________________________<br></div><div dir="ltr">tor-relays mailing list<br></div><div dir="ltr"><a href="mailto:tor-relays@lists.torproject.org" rel="nofollow" target="_blank">tor-relays@lists.torproject.org</a><br></div><div dir="ltr"><a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="nofollow" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br></div></div>
</div>
</div></div></body></html>