To summarize: Hetzner is issuing "netscan abuse" complaints because their automated systems misunderstand normal Tor behavior (TCP/SYN packets to [offline] relays). In response, we are now discussing banning Tor nodes that go down for routine maintenance. This is the wrong solution. We would be actively "lobotomizing" network diversity because of one provider's flawed policy.

The problem is Hetzner's surveillance. Any provider that constantly stores and analyzes netflow data to this degree is a risk. Instead of punishing Tor diversity, we should reduce the impact of Hetzner. I propose all Hetzner-hosted relays get the MiddleOnly flag and be barred from becoming Guard nodes.

I sincerely hope the network-health team sees the gravity of this. If we knowingly ban our own relays over this, we are fundamentally undermining the network. When did we become the censors?

/r0cket

On Monday, October 27, 2025 21:20 UTC, Toralf Förster via tor-relays <tor-relays@lists.torproject.org> wrote:
On 10/22/25 6:52 AM, Tor at 1AEO via tor-relays wrote:
No other provider appears to exhibit these same issues with this traffic pattern.
I got 3 abuse complaints related to 64.65.0.0/24, 64.65.61.0/24 and 96.9.98.0/24 in the past couple of weeks.
Open to any guidance or suggestions on how best to mitigate this.
My personal solution attempt as of today is in [1]. For that I added

EGRESS_SUBNET_SLEW="45.84.107.0 64.65.0.0/23 64.65.60.0/22 96.9.98.0 109.70.100 171.25.193.0 185.220.101.0 192.42.116.0" /opt/torutils/ipv4-rules-egress.sh start

to the init script of a bare metal server hosting 5 Tor relays. After reboot it took about 10 min for the iptables stats to calm down [2].
[1] https://github.com/toralf/torutils/blob/main/ipv4-rules-egress.sh
[2] https://0x0.st/K2C0.txt
-- Toralf
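Toralf's script is linked above and is not reproduced here. As an added illustration (not his code, and not a description of what ipv4-rules-egress.sh does) of one way to keep a relay's bursts of SYNs toward temporarily offline relays from looking like a scan to a hoster's netflow analysis, the snippet below turns a space-separated subnet list in the EGRESS_SUBNET_SLEW style into iptables hashlimit rules that cap new outbound TCP connections per destination /24. The rate limits, the DROP target, and the assumption that a bare address or three-octet prefix means a /24 are all this example's choices, not something stated in the thread.

```shell
#!/bin/sh
# Added example, not Toralf's ipv4-rules-egress.sh. Caps the rate of new
# outbound TCP connections from a relay host toward listed destination
# subnets so a burst of SYNs to relays that are down does not resemble a
# host/port scan in a hoster's netflow data.
# Assumptions: iptables with the hashlimit match is installed; a bare
# address (a.b.c.d) or three-octet prefix (a.b.c) in the list means a /24.

# Constructed sample list (a subset of the entries quoted in the thread).
EGRESS_SUBNET_SLEW="45.84.107.0 64.65.0.0/23 64.65.60.0/22 96.9.98.0 109.70.100"

# Normalize one list entry to CIDR form.
normalize_net() {
  case "$1" in
    */*)     printf '%s\n' "$1" ;;        # already CIDR
    *.*.*.*) printf '%s/24\n' "$1" ;;     # a.b.c.d -> a.b.c.d/24
    *.*.*)   printf '%s.0/24\n' "$1" ;;   # a.b.c   -> a.b.c.0/24
    *) echo "unrecognized entry: $1" >&2; return 1 ;;
  esac
}

# Print one rule per subnet (arguments for iptables, without the command
# name): allow up to 10 new connections/s per destination /24 with a burst
# of 20, and drop SYNs above that budget.
egress_rules() {
  for entry in $1; do
    net=$(normalize_net "$entry") || return 1
    printf '%s\n' "-A OUTPUT -p tcp --syn -d $net -m hashlimit --hashlimit-name torslew --hashlimit-mode dstip --hashlimit-dstmask 24 --hashlimit-above 10/sec --hashlimit-burst 20 -j DROP"
  done
}

# Number of rules a list would produce (one per entry).
rule_count() { egress_rules "$1" | wc -l | tr -d ' '; }

if [ "${1:-}" = "apply" ]; then
  # Install the rules; run as root, e.g. from an init script.
  egress_rules "$EGRESS_SUBNET_SLEW" | while read -r rule; do
    # shellcheck disable=SC2086  # word splitting of the rule is intended
    iptables $rule
  done
else
  # Dry run: show the rules that "apply" would install.
  egress_rules "$EGRESS_SUBNET_SLEW"
fi
```

Run without arguments to review the generated rules; run with `apply` as root to install them. Watch the relay's connection-failure and hashlimit counters afterwards so the budget is not set so low that it starves legitimate circuits.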