
Is it possible to block domain names in Tor's ExitPolicy? I've been getting abuses on *.panelboxmanager.com, and I'd like to be proactive about this if possible.

They give me the IP address to block. The problem is yesterday it was on s01.panelboxmanager.com. Today it was s502.panelboxmanager.com. I was hoping for a way to block all sub-domains of panelboxmanager.com to prevent further abuse on that particular network. Guess I'll keep going per-IP for now. On 10/31/2016 03:38 PM, Jason Jung wrote:

If you run a local caching resolver, you can tell it not to answer requests for these domains. (Or, more precisely, answer them with NXDOMAIN.)

And you should block the IP addresses for the netblock in your exit policy as well, so the blocking is at least somewhat transparent.

T

--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

I wouldn't recommend blocking at the DNS level, as this could flag your exit with a BADEXIT for modifying traffic. The current official way to do this is through the exit policy, but this is in a configuration file. *Relay Operators*: is there a way to dynamically update the exit policy as a relay is running? On 1 November 2016 at 10:35, teor <teor2345@gmail.com> wrote:

On 01.11.2016 12:27, Diarmaid McManus wrote:
> is there a way to dynamically update the exit policy as a relay is running?

There is. Change configuration file on-disk, then send a HUP signal to Tor process.

Does anybody have a suggestion on how best to figure out which address ranges are owned by panelboxmanager.com? Complaints seem to come in for all sorts of addresses.

-Ralph

On 2016-11-01 at 12:37, Ralph Seichter wrote:
According to the whois of their IP address for panelboxmanager.com, I got the following two subnets:

Panelbox IWEB--72-55-186-0-24 (NET-72-55-186-0-1) 72.55.186.0 - 72.55.186.255
iWeb Technologies Inc. IWEB-BLK-03 (NET-72-55-128-0-1) 72.55.128.0 - 72.55.191.255

Best,
Michael

Hi Ralph,

Ralph Seichter <tor-relays-ml@horus-it.de> wrote on Tue, 1 Nov 2016 at 12:37:

`whois 72.55.186.5` leads to https://whois.arin.net/rest/org/PANEL-2/nets:

PANELBOX-14 (NET-67-205-125-0-1) 67.205.125.0 - 67.205.125.255
PANELBOX-07 (NET-108-163-147-0-1) 108.163.147.0 - 108.163.147.255
PANELBOX-08 (NET-184-107-101-0-1) 184.107.101.0 - 184.107.101.255
PANELBOX-09 (NET-184-107-116-0-1) 184.107.116.0 - 184.107.116.255
PANELBOX-10 (NET-198-72-104-0-1) 198.72.104.0 - 198.72.104.255
PANELBOX-11 (NET-72-55-152-240-1) 72.55.152.240 - 72.55.152.255
PANELBOX-12 (NET-108-163-128-64-1) 108.163.128.64 - 108.163.128.127
PANELBOX-06 (NET-70-38-127-64-1) 70.38.127.64 - 70.38.127.127
PANELBOX-13 (NET-184-107-111-96-1) 184.107.111.96 - 184.107.111.127
PANELBOX-13 (NET-209-172-50-32-1) 209.172.50.32 - 209.172.50.63
PANELBOX-04 (NET-174-142-230-0-1) 174.142.230.0 - 174.142.230.255
PANELBOX-05 (NET-184-107-100-0-1) 184.107.100.0 - 184.107.100.255
PANELBOX-03 (NET-67-205-105-0-1) 67.205.105.0 - 67.205.105.255
PANELBOX-02 (NET-67-205-90-240-1) 67.205.90.240 - 67.205.90.255
IWEB--72-55-186-0-24 (NET-72-55-186-0-1) 72.55.186.0 - 72.55.186.255

HTH
Sven

On 01.11.2016 12:56, hwertiout695 wrote:
This appears to be the most comprehensive list of assigned networks I have seen so far for panelboxmanager.com; thank you. -Ralph

The man page is your friend:

ExitPolicy policy,policy,...
    Set an exit policy for this server. Each policy is of the form "accept[6]|reject[6] ADDR[/MASK][:PORT]". If /MASK is omitted then this policy just applies to the host given. PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that means "*".

On 2 Nov. 2016, at 02:01, Tristan <supersluether@gmail.com> wrote:
> So what mask would I use then? I've been trying to wrap my head around it, but I just don't understand what /24 means, or how it's different from /27 or any other number.

You have a list in IP-IP (IP range) format, and you want to convert it into IP/Mask (CIDR) format. Here is a tool that will do that:
http://ipaddressguide.com/cidr

If you want to learn more, or check the tool's work:
https://en.wikipedia.org/wiki/CIDR_notation

On 2 Nov. 2016, at 02:06, Tristan <supersluether@gmail.com> wrote:
> Wow this is confusing. If I'm understanding this correctly, 0.0.0.0/24 would mean any address from 0.0.0.0 to 0.0.0.255, correct?

Yes. Imagine each of the numbers in an IPv4 address is a byte. Put them together, you have 32 bits. Count each bit starting from 1, and when you reach the mask number, the IP range is all the possible combinations of all the remaining bits.

Tim
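The range-to-CIDR conversion and the mask-bit counting discussed in the last messages, worked through as an added example that is not part of any post in this thread. The function names are hypothetical, the first four sample ranges are quoted from the whois output above, and the `192.0.2.10 - 192.0.2.20` range is constructed to show what happens when a range does not sit on a CIDR boundary.

```python
import ipaddress
import re

# Ranges in the "first - last" form that whois prints. The first four are
# quoted from the thread (the second is the iWeb parent block, which covers
# two of the others); the last is a constructed, unaligned range.
WHOIS_RANGES = """\
72.55.186.0 - 72.55.186.255
72.55.128.0 - 72.55.191.255
72.55.152.240 - 72.55.152.255
108.163.128.64 - 108.163.128.127
192.0.2.10 - 192.0.2.20
"""

RANGE_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)")


def prefix_bounds(addr, prefix_len):
    """First and last address of addr/prefix_len, computed bit by bit.

    The leading prefix_len bits are fixed; the remaining 32 - prefix_len
    bits take every possible value, as described in the thread.
    """
    host_bits = 32 - prefix_len
    value = int(ipaddress.IPv4Address(addr))
    first = (value >> host_bits) << host_bits   # clear the host bits
    last = first | ((1 << host_bits) - 1)       # set all the host bits
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))


def ranges_to_cidrs(text):
    """Convert every 'first - last' range in text to a minimal CIDR list."""
    nets = []
    for first, last in RANGE_RE.findall(text):
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if lo > hi:
            raise ValueError(f"range is reversed: {first} - {last}")
        # An unaligned range needs several CIDR blocks to cover it exactly.
        nets.extend(ipaddress.summarize_address_range(lo, hi))
    # Drop blocks already covered by a larger one (the /24 inside the /18).
    return list(ipaddress.collapse_addresses(nets))


def exit_policy_lines(text):
    """Render torrc lines in the man page's 'reject ADDR/MASK:PORT' form."""
    return [f"ExitPolicy reject {net}:*" for net in ranges_to_cidrs(text)]


if __name__ == "__main__":
    print(prefix_bounds("0.0.0.0", 24))
    print("\n".join(exit_policy_lines(WHOIS_RANGES)))
```

Tor evaluates exit policy entries in order and the first match wins, so the generated reject lines belong above any accept lines in the configuration file before the HUP reload mentioned earlier in the thread.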
participants (8)
- Diarmaid McManus
- hwertiout695
- Jason Jung
- Michael Armbruster
- Ralph Seichter
- SuperSluether
- teor
- Tristan