As you know, the Tor network can be used for mischievous and, in some countries, illegal activity, hurting the reputation of Tor. Two of these activities include Cryptolocker[1] and Gameover Zeus[2].
Recently my exit node was inserted into a few block lists due to these two issues mentioned above, and I would guess this hinders 'good' traffic within the Tor network using an exit node.
I have compiled a list of Sinkholes from CBL for both Cryptolocker and Gameover Zeus. Consider adding these IPs to your ExitPolicy reject list.
ExitPolicy reject 85.159.211.119 # Cryptolocker
ExitPolicy reject 212.71.250.4 # Cryptolocker
ExitPolicy reject 54.83.43.69 # Cryptolocker
ExitPolicy reject 192.42.116.41 # Cryptolocker
ExitPolicy reject 192.42.119.41 # Cryptolocker
ExitPolicy reject 198.98.103.253 # Cryptolocker
ExitPolicy reject 208.64.121.161 # Cryptolocker
ExitPolicy reject 142.0.36.234 # Cryptolocker
ExitPolicy reject 173.193.197.194 # Cryptolocker
[1]: http://www.us-cert.gov/ncas/alerts/TA13-309A
[2]: https://www.us-cert.gov/ncas/alerts/TA14-150A
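Tor evaluates exit policy entries first to last and the first match wins, so reject lines like those above only take effect when they precede any accept rule covering the same address and port. The following check is an added example, not part of the original post or of Tor itself; it handles only IPv4 literals, `*` and port ranges, the function names are hypothetical, and the two torrc fragments are constructed.

```python
import ipaddress

def parse_exit_policy(torrc_text):
    """Return the ordered (action, network, (lo, hi)) rules from ExitPolicy lines."""
    rules = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)   # drop trailing comment
        if len(parts) != 2 or parts[0].lower() != "exitpolicy":
            continue
        for entry in parts[1].split(","):
            action, target = entry.split()
            addr, _, port = target.partition(":")
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if port in ("", "*"):                       # no port means every port
                ports = (1, 65535)
            else:
                lo, _, hi = port.partition("-")
                ports = (int(lo), int(hi or lo))
            rules.append((action.lower(), net, ports))
    return rules

def decide(rules, ip, port):
    """Apply first-match-wins; None means no rule matched."""
    ip = ipaddress.ip_address(ip)
    for action, net, (lo, hi) in rules:
        if (net is None or ip in net) and lo <= port <= hi:
            return action
    return None

def not_rejected(torrc_text, ips, port):
    """List the addresses that this policy would still exit to on `port`."""
    rules = parse_exit_policy(torrc_text)
    return [ip for ip in ips if decide(rules, ip, port) != "reject"]

SINKHOLES = ["85.159.211.119", "212.71.250.4"]   # two addresses from the post

# Constructed torrc fragments: same rules, different order.
GOOD = """ExitPolicy reject 85.159.211.119 # Cryptolocker
ExitPolicy reject 212.71.250.4 # Cryptolocker
ExitPolicy accept *:80,accept *:443
ExitPolicy reject *:*"""
BAD = """ExitPolicy accept *:80,accept *:443
ExitPolicy reject 85.159.211.119
ExitPolicy reject 212.71.250.4
ExitPolicy reject *:*"""

if __name__ == "__main__":
    print("good order:", not_rejected(GOOD, SINKHOLES, 80))
    print("bad order: ", not_rejected(BAD, SINKHOLES, 80))
```
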
On Wed, Jun 11, 2014 at 4:17 AM, Adam Brenner adam@aeb.io wrote:
> I have compiled a list of Sinkholes from CBL for both Cryptolocker and Gameover Zeus. Consider adding these IPs to your ExitPolicy reject list.
Here are lists of other useless "bad" stuff on the clearnet for which an exit operator might receive a complaint for contacting: ... ... ...
Has anyone evaluated the network [dirdata, client] cost of bloating 1200+ exits' worth of 1000+ line exitpolicies, versus the [circuit] cost of blocking them with external packet filters?
And the classic issue of when those IPs are eventually cleared and used for "good" stuff, but laziness tends not to delist them, so the exit becomes less useful and traffic skews.
tor-relays@lists.torproject.org