FYI: ISP's and blocked Authorities

Hi,

It seems to be the case that a few ISPs are not up to date and still using old IPs to block Authorities. That means if you are able to connect to just 1 or 2 Authorities but not to all of them your ISP could be one of those candidates.

I saw this behaviour in one case just today. Connectivity with Gabelmoo and longclaw was possible but no other Authority was reachable. Gabelmoo recently changed the IP and longclaw is brand new afaik. That ISP is clearly using an old list of IPs to block Tor for their VPS systems.

What makes it even worse is that this system was going to be a Non-Exit relay :-(

I will ask the operator for more details and the good/bad ISP page will be updated accordingly. If you can reach some Authorities (not all) and you are not getting indexed and measured (also you can't find your system on the Atlas / Tor site), this could be the reason why.

--
Mit freundlichen Grüssen / Sincerely yours

Sebastian Urbach

-----------------------------------------
Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name!
-----------------------------------------

Hi Sebastian,

Is there a way to manually check this? I'm curious as to why my non-exit relay, C1B84214, only gets fast/stable/running flags from some authorities but not all of them, as seen here: https://consensus-health.torproject.org/

-Jeremy

On Fri, Nov 14, 2014 at 4:37 AM, Sebastian Urbach <sebastian@urbach.org> wrote:
> Hi,
>
> It seems to be the case that a few ISPs are not up to date and still using old IPs to block Authorities. That means if you are able to connect to just 1 or 2 Authorities but not to all of them your ISP could be one of those candidates.
>
> I saw this behaviour in one case just today. Connectivity with Gabelmoo and longclaw was possible but no other Authority was reachable. Gabelmoo recently changed the IP and longclaw is brand new afaik. That ISP is clearly using an old list of IPs to block Tor for their VPS systems.
>
> What makes it even worse is that this system was going to be a Non-Exit relay :-(
>
> I will ask the operator for more details and the good/bad ISP page will be updated accordingly. If you can reach some Authorities (not all) and you are not getting indexed and measured (also you can't find your system on the Atlas / Tor site), this could be the reason why.
>
> --
> Mit freundlichen Grüssen / Sincerely yours
>
> Sebastian Urbach
>
> -----------------------------------------
> Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name!
> -----------------------------------------
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hi Jeremy,

The operator I talked to tried ping / traceroute. There was 100 % package loss. If you need more details / help I suggest we talk via private mail.

--
Mit freundlichen Grüssen / Sincerely yours

Sebastian Urbach

-----------------------------------------
Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name!
-----------------------------------------

On November 15, 2014 6:23:31 PM Jeremy Olexa <jolexa@jolexa.net> wrote:
> Hi Sebastian,
>
> Is there a way to manually check this? I'm curious as to why my non-exit relay, C1B84214, only gets fast/stable/running flags from some authorities but not all of them, as seen here: https://consensus-health.torproject.org/
>
> -Jeremy

On Sat, Nov 15, 2014 at 07:08:55PM +0100, Sebastian Urbach wrote:
> The operator I talked to tried ping / traceroute. There was 100 % package loss.

It's probably better to directly connect to an authority's OR port. ICMP can be blocked by an ISP while direct TCP connections to the OR port can still succeed.

Cheers,
Philipp
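
A sketch of the TCP check suggested above, added here as an example and not written by anyone in this thread. The entries in `AUTHORITIES` are constructed placeholders (TEST-NET-1 addresses); the function names are this example's own.

```python
import socket

# Constructed placeholders (TEST-NET-1 addresses), not real authorities.
# Replace with the nickname, IP and OR port of each directory authority
# known to the Tor version you run.
AUTHORITIES = {
    "authority-a": ("192.0.2.10", 443),
    "authority-b": ("192.0.2.20", 9001),
    "authority-c": ("192.0.2.30", 443),
}


def or_port_reachable(host, port, timeout=5.0):
    """True if a TCP handshake with host:port completes (no ICMP involved)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, filtered
        return False


def probe_all(authorities, timeout=5.0):
    """Map each authority nickname to its TCP reachability."""
    return {name: or_port_reachable(host, port, timeout)
            for name, (host, port) in authorities.items()}


def classify(results):
    """Return (verdict, reachable, unreachable) for a probe_all() result."""
    up = sorted(n for n, ok in results.items() if ok)
    down = sorted(n for n, ok in results.items() if not ok)
    if not down:
        verdict = "all-reachable"
    elif not up:
        verdict = "none-reachable"   # local outage or blanket filtering
    else:
        verdict = "partial"          # the pattern described in this thread
    return verdict, up, down


if __name__ == "__main__":
    verdict, up, down = classify(probe_all(AUTHORITIES))
    print("verdict:", verdict)
    print("reachable:", ", ".join(up) or "-")
    print("unreachable:", ", ".join(down) or "-")
```

A completed TCP handshake only shows that the port is not filtered on the path from the relay; it does not exercise the Tor protocol itself.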

Hi Philipp,

That's what he tried first, ping / traceroute was more or less to confirm the suspicion.

--
Mit freundlichen Grüssen / Sincerely yours

Sebastian Urbach

-----------------------------------------
Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name!
-----------------------------------------

On November 17, 2014 12:15:01 PM Philipp Winter <phw@nymity.ch> wrote:
> On Sat, Nov 15, 2014 at 07:08:55PM +0100, Sebastian Urbach wrote:
> > The operator I talked to tried ping / traceroute. There was 100 % package loss.
>
> It's probably better to directly connect to an authority's OR port. ICMP can be blocked by an ISP while direct TCP connections to the OR port can still succeed.
>
> Cheers,
> Philipp
Participants (3): Jeremy Olexa, Philipp Winter, Sebastian Urbach