Question about responding to abuse request
Hi all, I run a Tor exit node, and I received an abuse complain from Webiron. In this mail, I can read the following: "If you run a VPN, anonymizer service (like a TOR exit or proxy node), or business intelligence not contracted with the site owner, then we request that the targeted range be blocked from your service. If it is being blocked, then it's at the right and choice of our clients to refuse access." So if I understand correctly, they ask me to block the targeted range they give me in this report. I know I can block this IP range by adding it to my exit policy, but I would like to know how others exit node operators manage these type of requests, because I ask myself if it is not against tor philosophy to block access to a specific network to Tor users. Thanks all in advance for your answers. Best regards, -- Patrick ZAJDA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I receive the Webiron abuse complaints too. You can opt-out of their e-mails as I personally also do not like restricting access to specific networks. For the relays I run which are in a SWIP-ed IP range redirecting the abuse to myself I just ignore them. I do however have a few relays without IP addresses on my own name for which I did have to add a reported range to the exit policy to prevent an angry hoster. It is up to yourself to decide what you can and want to do with it. Better have a relay which stays running but restricting access to one /24 range than have it offline as a whole. Just my two cents. On 7/5/15 7:21 PM, Patrick ZAJDA wrote:
Hi all,
I run a Tor exit node, and I received an abuse complain from Webiron. In this mail, I can read the following: "If you run a VPN, anonymizer service (like a TOR exit or proxy node), or business intelligence not contracted with the site owner, then we request that the targeted range be blocked from your service. If it is being blocked, then it's at the right and choice of our clients to refuse access." So if I understand correctly, they ask me to block the targeted range they give me in this report.
I know I can block this IP range by adding it to my exit policy, but I would like to know how others exit node operators manage these type of requests, because I ask myself if it is not against tor philosophy to block access to a specific network to Tor users.
Thanks all in advance for your answers.
Best regards,
- -- Tim Semeijn Babylon Network pgp 0x5B8A4DDF -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJVmWtNAAoJEIZioqpbik3ffLkQAKPjWUHJBnQoHz9TtEvxXwX8 d9uN6PxsuLhVeserxWjCxpRK/xphE6kyeZ3oa62woYw7oGlHm6YFbLoLFggMEFtq 7XMMecLUCvniMG0vAzEXPRFp5eHD+SJRdNxPhuGd3vCi+srK7qQmCobFROIeknL3 VcnHrHsG+p/KiFHXEeyHNGOvb6Oos6WOZ8clv7keIYrCRcGD/bht43eEb1candGm zGIAa9rqk6hXN7kFrWpu/867JFBSG2EcBtY8KUCDK1ktSRuB7g/Eh8HLWPkH46oC OSWA9uiKq7Y1IQdgeVRUVkBlmU3noFG5RYKNrJANomoSJFOcu3IYqzlpqVyb1gJt VsqKVQhJtgUTts8vthNdcIc8CF5sX2MP7Mf4wYfFA7LsJogq0EOcIgBHslQPWHhy CRYiJPiD5LBDr+2flA4PiOThiQWGqdbsfCvG5wXeYSQZV83zF3m1FHRMTfQ+h6ZZ 3vQNohnsf3Gj18JUvGkisPcsf6iTl0r0UW6qJ6ukhbqxTQ0uOjbxtG2gQgd1D/CL Wa+NTDtNBHpz/TAXET0VFA+GNSfrKbtpiTNcVz06N2rT2LuABn8TAuDoTwYDCk8K XCj8NOMztkScP1MK1LniY6iJ2BgtI/7CPZ/Wj9XpDyEnjDHmMkg+B9espEZtuoT+ /UuEexPfORKoCaveVU6I =Ct5S -----END PGP SIGNATURE-----
To add to this, it might be worth noting that they will likely block (or attempt to block) your IP address from their network regardless of if you add their network to you exit policies. What this will mean is that anyone attempting to access their network through your exit node will be met with either a block page or a network-level error (connection timeout or connection reset or refused), at least until your IP changes. If you do add this network to your exit policy, then those requests will be routed to nodes that may not have been picked up by that network and would be able to access the services behind it. That's the way I look at the issue, in any case.
On 07/05/2015 07:21 PM, Patrick ZAJDA wrote:
I know I can block this IP range by adding it to my exit policy, but I would like to know how others exit node operators manage these type of requests, because I ask myself if it is not against tor philosophy to block access to a specific network to Tor users.
If the provider specifically requests it, you can try to argue, but I doubt it will get you anywhere. So far we have been able to avoid most blocks by arguing that we only run a fraction of exits and attackers will be routed around it without even noticing. Alternatively, tell them you have blocked the destination range for 180 days (or something). Maybe this is already enough. -- Moritz Bartl https://www.torservers.net/
Hi, Usually those are automated messages. I get them all the time as well. They are just relaying abuse messages. The text in their message is standard, and includes all cases so to say. If you scroll down the email, you will see the target IP and few logs. Usually this is the result of automated scripts talking directly to Webiron, which send the message automatically (no humans involved) to the abuse handle of a certain IP address. I recommend you not to take any action unless you are contacted by humans, with real abuse reasons. Then, you explain what Tor is, provide some links, and if the reporter is still concerned and insists explicitly, you could block his IP ranges from your exit. I don't see why a sane person would ask for this, since this can be better implemented at their side, with few firewall rules... On 7/5/2015 8:21 PM, Patrick ZAJDA wrote:
Hi all,
I run a Tor exit node, and I received an abuse complain from Webiron. In this mail, I can read the following: "If you run a VPN, anonymizer service (like a TOR exit or proxy node), or business intelligence not contracted with the site owner, then we request that the targeted range be blocked from your service. If it is being blocked, then it's at the right and choice of our clients to refuse access." So if I understand correctly, they ask me to block the targeted range they give me in this report.
I know I can block this IP range by adding it to my exit policy, but I would like to know how others exit node operators manage these type of requests, because I ask myself if it is not against tor philosophy to block access to a specific network to Tor users.
Thanks all in advance for your answers.
Best regards,
participants (5)
-
Moritz Bartl -
Patrick ZAJDA -
s7r -
Tim Semeijn -
Tor Relays at brwyatt.net