I had a less-than-amusing conversation with my ISP this week about how my Tor exit node was performing "network scans". As far as I can tell, their definition of "network scan" comprises anything from "knocking on the same port on every machine in a /8" to "creating lots of legitimate connections to the same port in a /8".

Obviously, their network monitoring system is too trigger-happy, but there is nothing I can do about that.

Do other relay operators have traffic-shaping solutions that make legitimate (and not-so-legitimate) Tor traffic look less like network abuse?

I've reconfigured my exit to be a non-exit for the time being. I'm more than happy to be an exit (and field genuine abuse complaints), but I'd prefer not to trigger automated network abuse monitoring systems (too often).

Any tips?

My node is running FreeBSD with ipfw and dummynet, if someone happens to have ready to copy/paste settings. ;-)

Philip