From teor2345 at gmail.com  Thu Mar  2 23:30:34 2017
From: teor2345 at gmail.com (teor)
Date: Fri, 3 Mar 2017 10:30:34 +1100
Subject: [tor-access] Does CloudFlare ever expire Tor Exit Nodes?
References: <87varrvagu.fsf@e4310>
Message-ID: <11457741-8714-4446-81FC-B72A32A48A7D@gmail.com>

Hi,

We've just received some feedback from a Tor relay operator who accidentally
made their relay an exit for a short time.

Apparently this places them on the CloudFlare Tor list, and it's not clear if this
will ever change.

If there is no expiry, then there is a denial of service risk.

Anything that behaves like this will fill the list with entries:
* Start an Exit with an IPv4 address and get it on the CloudFlare list
* Move to the next IPv4 address

It doesn't even have to be malicious: home broadband routers and cheap
VPSs tend to behave like this when configured as Exits, as the load sometimes
causes them to crash.

Tim

> Begin forwarded message:
> 
> From: Paw <pawsen at gmail.com>
> Subject: Re: [tor-relays] Remove IP from list of known Tor exit nodes
> Date: 3 March 2017 at 04:45:37 AEDT
> 
>> So it wouldn't surprise me if Cloudflare won't unlist your IP on request
> You are right. I have written some mails to support at cloudflare.com <mailto:support at cloudflare.com>.
> According to
> https://support.cloudflare.com/hc/en-us/articles/203306930-Does-Cloudflare-block-tor <https://support.cloudflare.com/hc/en-us/articles/203306930-Does-Cloudflare-block-tor>
> Cloudflare updates its list of Tor exit node IP addresses every 15 minutes.
> But the reply I got from their support was:
>> it's not listed on honeypot it is not based on any maliscous activity
>> but rather was a special list of TOR endpoints curated by the request
>> of our customers to control access to their sites. As such your
>> endpoint won't be removed from that as it is a TOR endpoint this is
>> completely independent of the reputation.
> They have not registered any malicious activity from the IP and it is
> not figuring on https://check.torproject.org/exit-addresses <https://check.torproject.org/exit-addresses>, but still
> they won't remove it from their list.


T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-access/attachments/20170303/1f4ad978/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-access/attachments/20170303/1f4ad978/attachment.sig>