Re: [tor-relays] webiron requesting to block several /24 subnet

. . .I have to understand how my ISP reacts to this kind of thing.
For the moment I will keep a low profile and I will block the mentioned IP range for a month.
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse@base-domain.tld for the reverse-DNS name of the relay IP. So if you can configure abuse@ for the relay domain to forward to you, you will see their notices at the same time as the ISP abuse desk. Might be helpful to know about it before they contact you and/or to see if they become familiar enough with the notices to ignore them. Automated abuse complaints from other sources do not always go to the domain-based address. http://multirbl.valli.org/ is a handy resource that shows the abusix.org and abuse.net information, as well as how many DNSBLs the relay has racked up. You can change the abuse.net contact but Webiron appears to ignore this source and simply construct the abuse@ from the rDNS domain name.

Dhalgren Tor:
. . .I have to understand how my ISP reacts to this kind of thing.
For the moment I will keep a low profile and I will block the mentioned IP range for a month.
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse@base-domain.tld for the reverse-DNS name of the relay IP. So if you can configure abuse@ for the relay domain to forward to you, you will see their notices at the same time as the ISP abuse desk. Might be helpful to know about it before they contact you and/or to see if they become familiar enough with the notices to ignore them. Automated abuse complaints from other sources do not always go to the domain-based address.
http://multirbl.valli.org/ is a handy resource that shows the abusix.org and abuse.net information, as well as how many DNSBLs the relay has racked up. You can change the abuse.net contact but Webiron appears to ignore this source and simply construct the abuse@ from the rDNS domain name.

We had problems with webiron too. We decided to block them on our mailserver. They even send false-positives. Like we would transport UDP based attacks... We told our ISP the same story, that most of the abuse mails from webiron are false-positives and now they don't bother us.

Greetings
--
Sam Grüneisen - President
Frënn vun der Ënn A.S.B.L.
enn.lu

2015-11-17 0:36 GMT+01:00 Dhalgren Tor <dhalgren.tor@gmail.com>:
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse@base-domain.tld for the reverse-DNS name of the relay IP. So if you can configure abuse@ for the relay domain to forward to you, you will see their notices at the same time as the ISP abuse desk.

Thanks for the advice, I will definitely do that. (also, at some point all these "pro-tips" for exit node operators should be documented somewhere).

Cristian

++ 17/11/15 02:08 +0100 - Cristian Consonni:
2015-11-17 0:36 GMT+01:00 Dhalgren Tor <dhalgren.tor@gmail.com>:
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse@base-domain.tld for the reverse-DNS name of the relay IP. So if you can configure abuse@ for the relay domain to forward to you, you will see their notices at the same time as the ISP abuse desk.
Thanks for the advice, I will definitely do that. (also, at some point all these "pro-tips" for exit node operators should be documented somewhere).

If it is abuse-related, this may be the place: https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

--
Rejo Zenger
E rejo@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl
T @rejozenger | J rejo@zenger.nl
OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4
XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF
Signal 0507 A41B F4D6 5DB4 937D E8A1 29B6 AAA6 524F B68B 93D4 4C6E 8BAB 7C9E 17C9 FB28 03

On 17/Nov/2015 08:27, "Rejo Zenger" <rejo@zenger.nl> wrote:
++ 17/11/15 02:08 +0100 - Cristian Consonni:
2015-11-17 0:36 GMT+01:00 Dhalgren Tor <dhalgren.tor@gmail.com>:
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse@base-domain.tld for the reverse-DNS name of the relay IP. So if you can configure abuse@ for the relay domain to forward to you, you will see their notices at the same time as the ISP abuse desk.
Thanks for the advice, I will definitely do that. (also, at some point all these "pro-tips" for exit node operators should be documented somewhere).
If it is abuse-related, this may be the place:
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

+1 That was my starting point.

C

FYI Webiron ceased sending these for my relay sometime between 11/24 and today (no reports for 11/25-27). Possibly this is because I never look at or resolve the reports and their system eliminates non-responding addresses to avoid listing by spam honeypots. If you wish to continue receiving these I suggest marking them resolved--at least some of the time. In my case the cessation on this path is desirable since the ISP has an automated system.

Or possibly Webiron has decided to no longer send reports to the reverse-DNS abuse@ path, in which case this source of intelligence is lost. However one can view the Webiron abuse reporting history for an IP on their web site using the link https://www.webiron.com/abuse_feed/ and this would also serve as a way to establish if the abuse-desk has arrived at the optimal approach to Webiron, i.e. ignoring them.

On Mon, Nov 16, 2015 at 11:36 PM, Dhalgren Tor <dhalgren.tor@gmail.com> wrote:
. . .I have to understand how my ISP reacts to this kind of thing.
For the moment I will keep a low profile and I will block the mentioned IP range for a month.
Webiron's system sends notifications to both the abusix.org contact for the IP and to abuse@base-domain.tld for the reverse-DNS name of the relay IP. So if you can configure abuse@ for the relay domain to forward to you, you will see their notices at the same time as the ISP abuse desk. Might be helpful to know about it before they contact you and/or to see if they become familiar enough with the notices to ignore them. Automated abuse complaints from other sources do not always go to the domain-based address.
http://multirbl.valli.org/ is a handy resource that shows the abusix.org and abuse.net information, as well as how many DNSBLs the relay has racked up. You can change the abuse.net contact but Webiron appears to ignore this source and simply construct the abuse@ from the rDNS domain name.

Hi folks,

I got some questions. Can I get problems as a German citizen with a non-exit Tor relay in Germany with an Italian IP? Not really, or? I think of TMG § 8.

And there are other stats pages, as globe, atlas and blutmagie.de?

Sorry for my bad English.

-----------------------
Mit freundlichen Grüßen / Yours sincerely
David Schulz

Hi,

On 28.11.2015 17:43, David Schulz wrote:
Can I get problems as a German citizen with a non-exit Tor relay in Germany with an Italian IP? Not really, or? I think of TMG § 8.

As a non-exit relay operator, you are most certainly not going to get any legal trouble.

-RTNO

On 11/28/2015 05:43 PM, David Schulz wrote:
I got some questions. Can I get problems as a German citizen with a non-exit Tor relay in Germany with an Italian IP? Not really, or? I think of TMG § 8.
just check their "terms and conditions" wrt running tor relays in general.
And there are other stats pages, as globe, atlas and blutmagie.de?

start here https://onionoo.torproject.org/

--
Toralf, pgp: C4EACDDE 0076E94E

participants (7): Cristian Consonni, David Schulz, Dhalgren Tor, Random Tor Node Operator, Rejo Zenger, Toralf Förster, Tyler Durden