My relay exhibits the same results on AS701, MCI Communications Services, Inc. d/b/a Verizon Business https://metrics.torproject.org/rs.html#details/924B24AFA7F075D059E8EEB284CC4...
matthew@freedom:~$ traceroute 86.59.21.38 traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets 1 lo0-100.RCMDVA-VFTTP-307.verizon-gni.net (96.253.78.1) 4.340 ms 4.297 ms 4.273 ms 2 B3307.RCMDVA-LCR-22.verizon-gni.net (130.81.24.74) 3.854 ms 4.156 ms 8.609 ms 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * *
On Tue, May 15, 2018 at 9:18 PM Shawn Webb shawn.webb@hardenedbsd.org wrote:
On Tue, May 15, 2018 at 08:12:50PM -0400, Neel Chauhan wrote:
Hi tor-relays mailing list,
I have noticed that the Tor consensus server tor26 (
https://metrics.torproject.org/rs.html#details/847B1F850344D7876491A54892F90... )
is blocked on Verizon's UUNET (AS701) backbone, and therefore, Verizon's retail services like FiOS and Wireless. I can confirm this on FiOS, but I don't use Verizon Wireless (my smartphone uses Sprint) so I can't test it there.
A traceroute to tor26's IP address 86.59.21.38 from a Brooklyn apartment shows this is filtered on Verizon's backbone:
neel@xb2:~ % traceroute 86.59.21.38 traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets 1 unknown (192.168.1.1) 1.128 ms 0.780 ms 0.613 ms 2 lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1) 1.001 ms
3.632
ms 0.900 ms 3 B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96) 2.291 ms B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94) 3.172 ms
4.046 ms
4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * ^C neel@xb2:~ %
In a normal traceroute, you will see ALTER.NET at hop 5. Also, the
subnet
86.59.21.0/24 is not filtered on UUNET. A traceroute to 86.59.21.1
works:
neel@xb2:~ % traceroute 86.59.21.1 traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets 1 unknown (192.168.1.1) 0.863 ms 0.757 ms 0.579 ms 2 lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1) 1.010 ms
1.545
ms 1.034 ms 3 B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96) 3.616 ms B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94) 5.696 ms
10.062 ms
4 * * * 5 0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127) 3.492 ms 3.506 ms
2.996
ms 6 204.255.168.118 (204.255.168.118) 8.462 ms 7.479 ms 7.252 ms 7 144.232.4.84 (144.232.4.84) 5.041 ms 4.688 ms sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165) 71.865 ms 8 sl-crs2-lon-0-0-3-0.sprintlink.net (213.206.128.181) 72.214 ms
73.579
ms 72.339 ms 9 213.206.129.142 (213.206.129.142) 81.390 ms sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139) 85.854 ms
93.238
ms 10 217.149.47.46 (217.149.47.46) 79.004 ms 85.669 ms 79.392 ms 11 ams5-core-1.bundle-ether1.tele2.net (130.244.82.54) 86.507 ms
78.374
ms 77.740 ms 12 ams-core-2.bundle-ether9.tele2.net (130.244.82.57) 79.642 ms
77.926 ms
81.515 ms 13 wen3-core-2.bundle-ether15.tele2.net (130.244.71.47) 105.400 ms 105.089 ms 109.751 ms 14 tele2at-bundle2-vie3.net.uta.at (212.152.189.65) 122.716 ms
110.820 ms
114.354 ms 15 86.59.21.1 (86.59.21.1) 106.389 ms * 105.379 ms neel@xb2:~ %
I got in contact with Peter Palfrader and he says he couldn't help, and
also
with Verizon FiOS support and they said the filtering 'isn't on Verizon's network' (read: isn't on Verizon's internal FiOS network but still on Verizon's AS701 which I have to go to to get anywhere on the Internet
here).
I know that this IP could have been blackholed, and you may think that if Verizon is blocking it, then isn't Level 3 or Cogent? Well, Cogent
doesn't
block tor26:
traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets 1 gi0-1-1-19.5.agr21.jfk02.atlas.cogentco.com (66.28.3.113) 0.727 ms 0.727 ms 2 be2605.ccr41.jfk02.atlas.cogentco.com (154.54.1.153) 2.177 ms be2606.ccr42.jfk02.atlas.cogentco.com (154.54.2.29) 0.734 ms 3 be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86) 68.557 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186) 70.829 ms 4 be12488.ccr42.ams03.atlas.cogentco.com (130.117.51.42) 74.570 ms be12194.ccr41.ams03.atlas.cogentco.com (154.54.56.94) 76.767 ms 5 be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 74.515 ms
74.612
ms 6 149.6.129.250 (149.6.129.250) 80.758 ms 74.625 ms 7 ams5-core-1.bundle-ether1.tele2.net (130.244.82.54) 75.421 ms
75.425
ms 8 ams-core-2.bundle-ether9.tele2.net (130.244.82.57) 74.516 ms
74.558 ms
9 wen3-core-2.bundle-ether15.tele2.net (130.244.71.47) 97.605 ms
95.470
ms 10 tele2at-bundle2-vie3.net.uta.at (212.152.189.65) 100.314 ms
97.947 ms
11 86.59.118.145 (86.59.118.145) 96.918 ms 98.620 ms 12 tor.noreply.org (86.59.21.38) 97.853 ms 98.110 ms
(Source: http://www.cogentco.com/en/network/looking-glass)
It could be possible that other Tier 1 networks formerly blocked tor26,
and
also unblocked, but Verizon was sloppy not to do so.
It's also possible that Verizon could be doing it because the FCC
repealed
Net Neturality, and wants to discourage use of Tor to mine FiOS/VZW customers' browsing habits. But despite a NN repeal I can still access
Tor
on FiOS, and also run a relay (I do both) because other consensus relays
are
still unblocked.
But if Verizon didn't unblock tor26, could it actually mean that Verizon wants to discourage Tor (and VPN/proxy) use to try to mine information of their customers (and sell ads/information) and direct users to VZ-owned
AOL
and Yahoo? Well, I hope they were just sloppy and don't mean to wage war
on
Tor.
While I'm not saying you should avoid using anything Verizon at all
costs (I
certainly wouldn't want to go to the local cable company), I just want to point out a blocked consensus server.
I'm seeing the same thing from the greater Baltimore, MD area:
traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets 1 172.16.3.1 (172.16.3.1) 0.172 ms 0.162 ms 0.115 ms 2 lo0-100.BLTMMD-VFTTP-323.verizon-gni.net (100.16.216.1) 23.228 ms 7.782 ms 2.901 ms 3 B3323.BLTMMD-LCR-22.verizon-gni.net (100.41.222.240) 2.982 ms B3323.BLTMMD-LCR-21.verizon-gni.net (100.41.222.238) 1.702 ms B3323.BLTMMD-LCR-22.verizon-gni.net (100.41.222.240) 7.756 ms 4 * * *
100.41.222.240 is AS19262.
Thanks,
-- Shawn Webb Cofounder and Security Engineer HardenedBSD
Tor-ified Signal: +1 443-546-8752 <(443)%20546-8752> Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays