
Is it possible to block domain names in Tor's ExitPolicy? I've been getting abuses on *.panelboxmanager.com, and I'd like to be proactive about this if possible.

You need to block them via IP address. Do a DNS lookup of the domain in question if the e-mail doesn't contain it.
On Mon, Oct 31, 2016 at 07:55:43AM -0500, Tristan wrote:
> Is it possible to block domain names in Tor's ExitPolicy? I've been getting abuses on *.panelboxmanager.com, and I'd like to be proactive about this if possible.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Jason Jung 7942 B145 5E45 1D53 37C8 1204 8DA4 A1DB CBE6 35AE

They give me the IP address to block. The problem is yesterday it was on s01.panelboxmanager.com. Today it was s502.panelboxmanager.com. I was hoping for a way to block all sub-domains of panelboxmanager.com to prevent further abuse on that particular network. Guess I'll keep going per-IP for now.
On 10/31/2016 03:38 PM, Jason Jung wrote:
> You need to block them via IP address. Do a DNS lookup of the domain in question if the e-mail doesn't contain it.

On 1 Nov. 2016, at 07:42, SuperSluether <supersluether@gmail.com> wrote:
> They give me the IP address to block. The problem is yesterday it was on s01.panelboxmanager.com. Today it was s502.panelboxmanager.com. I was hoping for a way to block all sub-domains of panelboxmanager.com to prevent further abuse on that particular network. Guess I'll keep going per-IP for now.
If you run a local caching resolver, you can tell it not to answer requests for these domains. (Or, more precisely, answer them with NXDOMAIN.)
And you should block the IP addresses for the netblock in your exit policy as well, so the blocking is at least somewhat transparent.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

I wouldn't recommend blocking at the DNS level, as this could flag your exit with a BADEXIT for modifying traffic. The current official way to do this is through the exit policy, but this is in a configuration file.
*Relay Operators*: is there a way to dynamically update the exit policy as a relay is running?
On 1 November 2016 at 10:35, teor <teor2345@gmail.com> wrote:
> If you run a local caching resolver, you can tell it not to answer requests for these domains. (Or, more precisely, answer them with NXDOMAIN.)
> And you should block the IP addresses for the netblock in your exit policy as well, so the blocking is at least somewhat transparent.

On 01.11.2016 12:27, Diarmaid McManus wrote:
> is there a way to dynamically update the exit policy as a relay is running?
There is. Change configuration file on-disk, then send a HUP signal to Tor process.
Does anybody have a suggestion on how best to figure out which address ranges are owned by panelboxmanager.com? Complaints seem to come in for all sorts of addresses.
-Ralph

On 2016-11-01 at 12:37, Ralph Seichter wrote:
> Does anybody have a suggestion on how best to figure out which address ranges are owned by panelboxmanager.com? Complaints seem to come in for all sorts of addresses.
According to the whois of their IP address for panelboxmanager.com, I got the following two subnets:
Panelbox IWEB--72-55-186-0-24 (NET-72-55-186-0-1) 72.55.186.0 - 72.55.186.255
iWeb Technologies Inc. IWEB-BLK-03 (NET-72-55-128-0-1) 72.55.128.0 - 72.55.191.255
Best,
Michael

Hi Ralph,
Ralph Seichter <tor-relays-ml@horus-it.de> wrote on Tue, 1 Nov 2016 at 12:37:
> Does anybody have a suggestion on how best to figure out which address ranges are owned by panelboxmanager.com? Complaints seem to come in for all sorts of addresses.
`whois 72.55.186.5` leads to https://whois.arin.net/rest/org/PANEL-2/nets:
PANELBOX-14 (NET-67-205-125-0-1 <https://whois.arin.net/rest/net/NET-67-205-125-0-1.html>) 67.205.125.0 - 67.205.125.255
PANELBOX-07 (NET-108-163-147-0-1 <https://whois.arin.net/rest/net/NET-108-163-147-0-1.html>) 108.163.147.0 - 108.163.147.255
PANELBOX-08 (NET-184-107-101-0-1 <https://whois.arin.net/rest/net/NET-184-107-101-0-1.html>) 184.107.101.0 - 184.107.101.255
PANELBOX-09 (NET-184-107-116-0-1 <https://whois.arin.net/rest/net/NET-184-107-116-0-1.html>) 184.107.116.0 - 184.107.116.255
PANELBOX-10 (NET-198-72-104-0-1 <https://whois.arin.net/rest/net/NET-198-72-104-0-1.html>) 198.72.104.0 - 198.72.104.255
PANELBOX-11 (NET-72-55-152-240-1 <https://whois.arin.net/rest/net/NET-72-55-152-240-1.html>) 72.55.152.240 - 72.55.152.255
PANELBOX-12 (NET-108-163-128-64-1 <https://whois.arin.net/rest/net/NET-108-163-128-64-1.html>) 108.163.128.64 - 108.163.128.127
PANELBOX-06 (NET-70-38-127-64-1 <https://whois.arin.net/rest/net/NET-70-38-127-64-1.html>) 70.38.127.64 - 70.38.127.127
PANELBOX-13 (NET-184-107-111-96-1 <https://whois.arin.net/rest/net/NET-184-107-111-96-1.html>) 184.107.111.96 - 184.107.111.127
PANELBOX-13 (NET-209-172-50-32-1 <https://whois.arin.net/rest/net/NET-209-172-50-32-1.html>) 209.172.50.32 - 209.172.50.63
PANELBOX-04 (NET-174-142-230-0-1 <https://whois.arin.net/rest/net/NET-174-142-230-0-1.html>) 174.142.230.0 - 174.142.230.255
PANELBOX-05 (NET-184-107-100-0-1 <https://whois.arin.net/rest/net/NET-184-107-100-0-1.html>) 184.107.100.0 - 184.107.100.255
PANELBOX-03 (NET-67-205-105-0-1 <https://whois.arin.net/rest/net/NET-67-205-105-0-1.html>) 67.205.105.0 - 67.205.105.255
PANELBOX-02 (NET-67-205-90-240-1 <https://whois.arin.net/rest/net/NET-67-205-90-240-1.html>) 67.205.90.240 - 67.205.90.255
IWEB--72-55-186-0-24 (NET-72-55-186-0-1 <https://whois.arin.net/rest/net/NET-72-55-186-0-1.html>) 72.55.186.0 - 72.55.186.255
HTH
Sven

On 01.11.2016 12:56, hwertiout695 wrote:
This appears to be the most comprehensive list of assigned networks I have seen so far for panelboxmanager.com; thank you.
-Ralph

So, I tried putting the IPs into my exit policy like this:
xx.xx.xx.xx-xx.xx.xx:*
But Tor doesn't like that syntax. What's the correct way to block address ranges in the exit policy?
On 11/01/2016 07:32 AM, Ralph Seichter wrote:
> On 01.11.2016 12:56, hwertiout695 wrote:
> > https://whois.arin.net/rest/org/PANEL-2/nets [...]
> This appears to be the most comprehensive list of assigned networks I have seen so far for panelboxmanager.com; thank you.
> -Ralph

On 2 Nov. 2016, at 01:54, SuperSluether <supersluether@gmail.com> wrote:
> So, I tried putting the IPs into my exit policy like this:
> xx.xx.xx.xx-xx.xx.xx:*
> But Tor doesn't like that syntax. What's the correct way to block address ranges in the exit policy?
The man page is your friend:
ExitPolicy policy,policy,...
    Set an exit policy for this server. Each policy is of the form "accept[6]|reject[6]ADDR[/MASK][:PORT]". If /MASK is omitted then this policy just applies to the host given.
    PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that means "*".
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

So what mask would I use then? I've been trying to wrap my head around it, but I just don't understand what /24 means, or how it's different from /27 or any other number.
On Nov 1, 2016 9:58 AM, "teor" <teor2345@gmail.com> wrote:
> The man page is your friend:
> ExitPolicy policy,policy,...
>     Set an exit policy for this server. Each policy is of the form "accept[6]|reject[6]ADDR[/MASK][:PORT]". If /MASK is omitted then this policy just applies to the host given.
>     PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that means "*".

Wow this is confusing. If I'm understanding this correctly, 0.0.0.0/24 would mean any address from 0.0.0.0 to 0.0.0.255, correct?
On Nov 1, 2016 10:01 AM, "Tristan" <supersluether@gmail.com> wrote:
> So what mask would I use then? I've been trying to wrap my head around it, but I just don't understand what /24 means, or how it's different from /27 or any other number.

On 2 Nov. 2016, at 02:01, Tristan <supersluether@gmail.com> wrote:
> So what mask would I use then? I've been trying to wrap my head around it, but I just don't understand what /24 means, or how it's different from /27 or any other number.
You have a list in IP-IP (IP range) format, and you want to convert it into IP/Mask (CIDR) format.
Here is a tool that will do that: http://ipaddressguide.com/cidr
If you want to learn more, or check the tool's work: https://en.wikipedia.org/wiki/CIDR_notation
On 2 Nov. 2016, at 02:06, Tristan <supersluether@gmail.com> wrote:
> Wow this is confusing. If I'm understanding this correctly, 0.0.0.0/24 would mean any address from 0.0.0.0 to 0.0.0.255, correct?
Yes. Imagine each of the numbers in an IPv4 address is a byte. Put them together, you have 32 bits. Count each bit starting from 1, and when you reach the mask number, the IP range is all the possible combinations of all the remaining bits.
Tim
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
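
The range-to-CIDR conversion and the /24 versus /27 question discussed above, worked through as an added example (not code posted by anyone in the thread). The function names are illustrative; the first three ranges are copied from the ARIN listing quoted earlier, and the fourth is constructed to show a range that needs several CIDR blocks.

```python
import ipaddress

# Three of the ranges the thread quotes from ARIN's PANEL-2 listing, plus one
# constructed range (TEST-NET-1) that does not fall on a single CIDR boundary.
RANGES = """\
72.55.186.0 - 72.55.186.255
72.55.152.240 - 72.55.152.255
108.163.128.64 - 108.163.128.127
192.0.2.5 - 192.0.2.12
"""


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    lo = ipaddress.IPv4Address(first.strip())
    hi = ipaddress.IPv4Address(last.strip())
    if lo > hi:
        raise ValueError(f"range is reversed: {first} - {last}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def exit_policy_lines(text):
    """Turn 'START - END' lines into torrc ExitPolicy reject lines."""
    lines = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        first, sep, last = raw.partition("-")
        if not sep:
            raise ValueError(f"not an IP range: {raw!r}")
        lines += [f"ExitPolicy reject {cidr}:*" for cidr in range_to_cidrs(first, last)]
    return lines


def cidr_span(cidr):
    """First address, last address and size of a block: the first N bits are
    fixed by the /N mask and the remaining 32-N bits take every value."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


if __name__ == "__main__":
    print("\n".join(exit_policy_lines(RANGES)))
    for block in ("0.0.0.0/24", "0.0.0.0/27"):
        print(block, cidr_span(block))
```

Tor evaluates ExitPolicy entries in order and stops at the first match, so the generated reject lines belong above any accept lines in torrc. Reload with the HUP signal as described earlier in the thread.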
participants (8)
- Diarmaid McManus
- hwertiout695
- Jason Jung
- Michael Armbruster
- Ralph Seichter
- SuperSluether
- teor
- Tristan