What to do about icecat.biz abuse complaints?
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time. I've tried to contact them but get no answer from the e-mail address included in the abuse reports. The Administrator listed in the icecat.biz whois says he just provides the network and can't provide any info about the company or who to contact within it. The abuse reports each say that my IP address will be blacklisted for a week. Fine with me. I'd just as soon they blacklist it forever but as they are unresponsive to e-mail communication I can't tell them that. Short of turning my exit node into a middle node, what can I do about these frequent abuse reports?
If I recall correctly, icecast is streaming software that runs on port 8000. I assume that someone through your node is trying to "rip" the content, which is what the "RIP Attempt" would be. (Not sure where you got the info that it is too many connections?) If you block port 8000, that could stop people accessing the streaming software without too many adverse affects on other services. Alternatively you can just block icecast.biz (I noticed there isn't a web server on there though) Daniel On 14 April 2012 13:15, Steve Snyder <swsnyder@snydernet.net> wrote:
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time.
I've tried to contact them but get no answer from the e-mail address included in the abuse reports. The Administrator listed in the icecat.bizwhois says he just provides the network and can't provide any info about the company or who to contact within it.
The abuse reports each say that my IP address will be blacklisted for a week. Fine with me. I'd just as soon they blacklist it forever but as they are unresponsive to e-mail communication I can't tell them that.
Short of turning my exit node into a middle node, what can I do about these frequent abuse reports?
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I'm using the Reduced Exit Policy (see: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy?format=t...) which does include port 8000, but shows that service as iRDMI. I usually associate "streaming software" with video or audio. What icecat.biz does (I have had to learn much more than I wanted to about them) is to provide manufacturer's documentation. I guess the "cat" is for catalog. Blocking the IP associated with icecat.biz is the first thing I did. That didn't stop the abuse reports. It seems that they have servers distributed all over the world, and the reports don't say what server experienced the abuse. Thanks for the response. On Saturday, April 14, 2012 7:32am, "Daniel Case" <danielcase10@gmail.com> said:
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays If I recall correctly, icecast is streaming software that runs on port 8000. I assume that someone through your node is trying to "rip" the content, which is what the "RIP Attempt" would be. (Not sure where you got the info that it is too many connections?)
If you block port 8000, that could stop people accessing the streaming software without too many adverse affects on other services. Alternatively you can just block icecast.biz (I noticed there isn't a web server on there though)
Daniel
On 14 April 2012 13:15, Steve Snyder <swsnyder@snydernet.net> wrote:
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time.
I've tried to contact them but get no answer from the e-mail address included in the abuse reports. The Administrator listed in the icecat.bizwhois says he just provides the network and can't provide any info about the company or who to contact within it.
The abuse reports each say that my IP address will be blacklisted for a week. Fine with me. I'd just as soon they blacklist it forever but as they are unresponsive to e-mail communication I can't tell them that.
Short of turning my exit node into a middle node, what can I do about these frequent abuse reports?
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Sorry Steve, I misread, I thought you said iceca*s*t. Two different services by the looks of it, in that case I would go about blocking this range of IP addresses: 62.250.11.0 - 62.250.11.255<http://www.pagesinventory.com/ip-subnet/62.250.11.html> That will block most icecat domains since that is their subnet range. http://www.pagesinventory.com/ip-subnet/62.250.11.html On 14 April 2012 13:46, Steve Snyder <swsnyder@snydernet.net> wrote:
I'm using the Reduced Exit Policy (see: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy?format=t...) which does include port 8000, but shows that service as iRDMI.
I usually associate "streaming software" with video or audio. What icecat.biz does (I have had to learn much more than I wanted to about them) is to provide manufacturer's documentation. I guess the "cat" is for catalog.
Blocking the IP associated with icecat.biz is the first thing I did. That didn't stop the abuse reports. It seems that they have servers distributed all over the world, and the reports don't say what server experienced the abuse.
Thanks for the response.
On Saturday, April 14, 2012 7:32am, "Daniel Case" <danielcase10@gmail.com> said:
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays If I recall correctly, icecast is streaming software that runs on port 8000. I assume that someone through your node is trying to "rip" the content, which is what the "RIP Attempt" would be. (Not sure where you got the info that it is too many connections?)
If you block port 8000, that could stop people accessing the streaming software without too many adverse affects on other services. Alternatively you can just block icecast.biz (I noticed there isn't a web server on there though)
Daniel
On 14 April 2012 13:15, Steve Snyder <swsnyder@snydernet.net> wrote:
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time.
I've tried to contact them but get no answer from the e-mail address included in the abuse reports. The Administrator listed in the icecat.bizwhois says he just provides the network and can't provide any info about the company or who to contact within it.
The abuse reports each say that my IP address will be blacklisted for a week. Fine with me. I'd just as soon they blacklist it forever but as they are unresponsive to e-mail communication I can't tell them that.
Short of turning my exit node into a middle node, what can I do about these frequent abuse reports?
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, 14 Apr 2012 07:15:56 -0400 (EDT) "Steve Snyder" <swsnyder@snydernet.net> allegedly wrote:
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time.
I had the same problem last year. In response to my question about what others were doing, Moritz Bartl said: "Icecat was discussed recently on tor-talk, see https://lists.torproject.org/pipermail/tor-talk/2011-September/021446.html In short : We now ignore the automated reports." Mick --------------------------------------------------------------------- blog: baldric.net fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423 ---------------------------------------------------------------------
Hi Steve, we get a lot of those, too. We've talked to them about what we do about half a year ago and asked them to consider to stop sending dozens of abuses to us each day. As they didn't seem to be okay with Tor, though, they said they wouldn't stop sending those, so we started just filtering and ignoring them. Julian Wissmann -- www.torservers.net
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time.
I've tried to contact them but get no answer from the e-mail address included in the abuse reports. The Administrator listed in the icecat.biz whois says he just provides the network and can't provide any info about the company or who to contact within it.
The abuse reports each say that my IP address will be blacklisted for a week. Fine with me. I'd just as soon they blacklist it forever but as they are unresponsive to e-mail communication I can't tell them that.
Short of turning my exit node into a middle node, what can I do about these frequent abuse reports?
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, Apr 14, 2012, at 07:15 AM, Steve Snyder wrote:
I often get abuse complaints from icecat,biz saying that a "RIP attempt" was seen from the IP address of my exit node. Apparently this involves too many connections in a given period of time.
I've tried to contact them but get no answer from the e-mail address included in the abuse reports. The Administrator listed in the icecat.biz whois says he just provides the network and can't provide any info about the company or who to contact within it.
The abuse reports each say that my IP address will be blacklisted for a week. Fine with me. I'd just as soon they blacklist it forever but as they are unresponsive to e-mail communication I can't tell them that.
Short of turning my exit node into a middle node, what can I do about these frequent abuse reports?
Just accessing that domain with Tor gets the response 'Your IP access was denied by our administrators, as it resembles a ripping attempt', with a captcha to proceed. Apparently they detect Tor but are sending abuse emails as well? How foolish. If you have emailed the Registrant Contact in the Whois, and the recipient denies responsibility for the domain, then the Whois is false and you should report it as such at http://wdprs.internic.net/ GD -- http://www.fastmail.fm - A no graphics, no pop-ups email service
participants (5)
-
Daniel Case -
Geoff Down -
Julian Wissmann -
mick -
Steve Snyder