On Sat, 17 May 2014 10:27:39 +0200 dope457 dope457@riseup.net wrote:
Hello,
I have been running a middle relay on my VPS since it was too much trouble to operate an exit. But ever since I have received two abuse reports regarding the same issue.
- Source: 31.31.78.141
Event type: DNSANOMALY
Detail: High amount of TCP DNS traffic, whole transfer: 12 503 B
Timestamp: 2014-05-14 20:20:35
NetFlow source: localhost
Targets: 178.238.223.67
This relay: http://torstatus.blutmagie.de/router_detail.php?FP=44efaf942314f756fc7ea5029... runs with their ORPort set to 53, which is more commonly used for the TCP variant of DNS. So your ordinary communication with them as a part of Tor relaying is misdetected by your ISP as a malicious DNS attack.
Your options are:
1) Explaining the above (along with some explanation about the Tor network in general) to your provider;
2) mailing to the contact E-Mail of the above relay, asking them to change their port (but then there may be more relays doing the same in the future);
3) blocking outgoing communication to TCP port 53 to all IPs which are not your chosen recursive DNS servers (set in /etc/resolv.conf); but this will partially break the Tor network, as part of the circuits which clients try to establish via your node will now fail (if they happen to include such ORPort 53 nodes).
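
For option 1, a relay operator can show the provider that each flagged target is a Tor relay listening on ORPort 53 by checking it against the consensus "r" lines. The following is an added example, not part of the original message: the function names are hypothetical, the sample lines and addresses are constructed, and it assumes the consensus text comes from the relay's own cached consensus file.

```python
import ipaddress

# Constructed sample in the layout of consensus "r" lines:
#   r nickname identity [digest] date time IP ORPort DirPort
# The digest field is absent in the microdesc flavour. Addresses are from
# documentation ranges and do not refer to real relays.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-05-14 18:00:00 192.0.2.10 53 0
s Fast Running Stable Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC 2014-05-14 18:00:00 198.51.100.7 9001 9030
s Fast Running Valid
r relayC DDDDDDDDDDDDDDDDDDDDDDDDDDD EEEEEEEEEEEEEEEEEEEEEEEEEEE 2014-05-14 18:00:00 203.0.113.5 53 80
"""


def relays_by_orport(consensus_text, port=53):
    """Map IP -> nickname for every relay whose ORPort equals `port`."""
    found = {}
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] != "r":
            continue
        # Index from the end so both consensus flavours parse the same way.
        ip, orport = fields[-3], fields[-2]
        try:
            ipaddress.ip_address(ip)
            orport = int(orport)
        except ValueError:
            continue  # malformed line: skip it rather than guess
        if orport == port:
            found[ip] = fields[1]
    return found


def triage_targets(targets, consensus_text, port=53):
    """For each flagged target IP, return the relay nickname or None."""
    relays = relays_by_orport(consensus_text, port)
    return {target: relays.get(target) for target in targets}


if __name__ == "__main__":
    # Constructed list standing in for the "Targets:" field of an abuse report.
    flagged = ["192.0.2.10", "198.51.100.7", "192.0.2.99"]
    for ip, nick in triage_targets(flagged, SAMPLE_CONSENSUS).items():
        verdict = f"Tor relay '{nick}' with ORPort 53" if nick else "not a relay on port 53"
        print(f"{ip}: {verdict}")
```

A target that comes back as `None` is not explained by Tor relaying on that port and deserves a separate look.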