On Wednesday, June 15, 2022 8:17:54 PM CEST Eddie wrote:
Have a question about how a server I connect to can tell I am running a guard/middle relay. All I can think of is that they check the published list of tor nodes against the IP.
Unfortunately, many people do this, often because they have no idea about the different Tor relays.
Background: The corp my wife works for blocked our IP. The excuse they gave was that it was due to a change made by a vendor they use to identify malicious IP addresses. I have been running the relay for almost 5 years without any previous flagging. They also state that running a middle relay is not in violation of any policy, but the vendor mis-identified our relay as an exit, hence blocking it.
After changing the IP, the new IP was also blocked in less than 24 hours. My feeling is that the vendor is now just using the full list of tor nodes and indiscriminately blocking everything, despite what the corp security folks say.
Workarounds:
- In Germany, almost every ISP has (www & ftp) proxies for its customers. I use it generally, also for IRC, then the proxy IP is displayed.
- In Germany we have '¹Freifunk' in almost every city. Firmware is OpenWrt with WireGuard (VPN) and can be flashed on many WLAN APs/routers. I have one at home too.
¹Anonymous citizens wifi mesh networks. No registration, no logs.
I'm looking for some sort of validation I can use to counter their claims.
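
Added example, not part of the original thread: a sketch of the difference between blocking every published relay address and blocking only addresses that exit traffic can come from, which is the distinction the poster says the vendor got wrong. The field names (`or_addresses`, `exit_addresses`, `flags`) follow Onionoo "details" documents; the relay entries, nicknames and documentation-range IPs are constructed, and `should_block` and its policy names are hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like an Onionoo "details" document (not real relays).
SAMPLE_DETAILS = json.loads("""
{"relays": [
  {"nickname": "ExampleMiddle",
   "or_addresses": ["192.0.2.10:9001", "[2001:db8::10]:9001"],
   "flags": ["Fast", "Guard", "Running", "Stable", "Valid"]},
  {"nickname": "ExampleExit",
   "or_addresses": ["198.51.100.20:443"],
   "exit_addresses": ["198.51.100.21"],
   "flags": ["Exit", "Fast", "Running", "Valid"]}
]}
""")

def _host(or_address):
    """Strip the port from 'ip:port' or '[ipv6]:port' and parse the address."""
    return ipaddress.ip_address(or_address.rsplit(":", 1)[0].strip("[]"))

def build_index(details):
    """Map each relay address to True if exit traffic can originate from it."""
    index = {}
    for relay in details.get("relays", []):
        is_exit = "Exit" in relay.get("flags", [])
        for addr in relay.get("or_addresses", []):
            ip = _host(addr)
            index[ip] = index.get(ip, False) or is_exit
        # Exits may send traffic from addresses other than their OR address.
        for addr in relay.get("exit_addresses", []):
            index[ipaddress.ip_address(addr)] = True
    return index

def classify(ip, index):
    ip = ipaddress.ip_address(ip)
    if ip not in index:
        return "not-a-relay"
    return "exit" if index[ip] else "non-exit-relay"

def should_block(ip, index, policy="exits-only"):
    """'all-relays' blocks anything in the list; 'exits-only' spares guard/middle relays."""
    kind = classify(ip, index)
    return kind != "not-a-relay" if policy == "all-relays" else kind == "exit"

INDEX = build_index(SAMPLE_DETAILS)
```

With the constructed data, the guard/middle relay at 192.0.2.10 is blocked only under the `all-relays` policy, while the exit addresses are blocked under both.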