On 25 Aug 2015, at 23:54, Heiko Tropartz <butary@gmx.de> wrote:

 
Hello,
 
my ISP deactivated the network traffic of my Tor exit relay because the server is part of the following botnets:
 
- Wapomi
- AldiBot
- Darkness Bot
 
In the last 2 hours I analysed the sparse log files and checked the system against the checksums I created after the installation.
The Linux server is clean.
 
I sent an answer to my ISP that the server is only an exit relay for Tor traffic. I also attached a list of the security software, including configurations, that I installed.
But the network traffic stays blocked until I guarantee secure network traffic.
 
Can someone advise me what to do?
Any tips and hints?

It's unfortunate your provider doesn't understand the concept of an overlay network, or even the concept of a proxy.

If they are going to continue to judge you by your traffic, here's how you can change the traffic allowed through your exit:

If the botnets connect to particular IP addresses or ports, you can block those in your Tor Exit policy or server firewall.

Alternately, if the complainants / honeypots are on particular IPs, you can block those.

You might have to ask your ISP what IPs or ports are generating the complaints.

Tim (teor)


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
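An added example, not part of the emails above: a sketch of turning the destinations an ISP names into ExitPolicy reject rules and checking the result. The complaint entries (documentation-range IPv4 addresses, placeholder ports), the base policy and all function names are assumptions; Tor applies the first matching ExitPolicy rule, so the rejects go first.

```python
import ipaddress

# Constructed sample: destinations an ISP might name in its complaints.
# Addresses are from documentation ranges; ports are placeholders.
COMPLAINTS = ["192.0.2.15:80", "198.51.100.0/24:*", "*:6667"]

# Assumed existing policy of the relay (hypothetical).
BASE_POLICY = ["accept *:80", "accept *:443", "reject *:*"]


def parse_target(entry):
    """Split an IPv4 'addr:port' target; '*' means any. Returns (net, port)."""
    addr, _, port = entry.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port != "*" and not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {entry!r}")
    return net, (None if port == "*" else int(port))


def build_policy(complaints, base):
    """Place reject rules ahead of the base policy (first match wins)."""
    rejects = []
    for entry in complaints:
        parse_target(entry)  # validate before it reaches torrc
        rejects.append(f"reject {entry}")
    return rejects + list(base)


def decide(policy, ip, port):
    """First-match evaluation of the policy, used to check the outcome."""
    for rule in policy:
        action, target = rule.split()
        net, rule_port = parse_target(target)
        if (net is None or ipaddress.ip_address(ip) in net) and rule_port in (None, port):
            return action
    return None  # not reached when the policy ends in a catch-all rule


def torrc_lines(policy):
    """Render the policy as torrc ExitPolicy lines."""
    return [f"ExitPolicy {rule}" for rule in policy]


if __name__ == "__main__":
    print("\n".join(torrc_lines(build_policy(COMPLAINTS, BASE_POLICY))))
```

Appending the reject rules after the base policy instead would leave `192.0.2.15:80` reachable, because `accept *:80` would match first.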