On Wednesday, June 15, 2022, 11:56:37 PM PDT, Eddie <stunnel@attglobal.net> wrote:
Have a question about how a server I connect to can tell I am running a
guard/middle relay. All I can think of is that they check the published
list of tor nodes against the IP. Or (maybe, but unlikely) portscan the
IP and probe any open ports to determine the service. Are there any
other methods that can be used.
Background: The corp my wife works for blocked our IP. The excuse they
gave was that it was due to a change made by a vendor they use to
identify malicious IP addresses. I have been running the relay for
almost 5 years without any previous flagging. They also state that
running a middle relay is not in violation of any policy, but the vendor
mis-identified our relay as an exit, hence blocking it.
After changing the IP, the new IP was also blocked in less than 24
hours. My feeling is that the vendor is now just using the full list of
tor nodes and indiscriminately blocking everything, despite what the
corp security folks say.
I'm looking for some sort of validation I can use to counter their claims.
_______________________________________________
tor-relays mailing list