[tor-commits] [community/master] Fix #71 - migrate Bad relays wiki page from Trac
emmapeel at torproject.org
emmapeel at torproject.org
Thu Aug 15 14:56:02 UTC 2019
commit be95e867f69f9f4fb6f6aa9d35386fbe21d2bd0b
Author: gus <gus at torproject.org>
Date: Wed Aug 14 14:20:40 2019 -0400
Fix #71 - migrate Bad relays wiki page from Trac
---
.../community-resources/bad-relays/contents.lr | 70 ++++++++++++++++++++++
1 file changed, 70 insertions(+)
diff --git a/content/relay-operations/community-resources/bad-relays/contents.lr b/content/relay-operations/community-resources/bad-relays/contents.lr
new file mode 100644
index 0000000..217730a
--- /dev/null
+++ b/content/relay-operations/community-resources/bad-relays/contents.lr
@@ -0,0 +1,70 @@
+_model: page
+---
+title: Bad relays
+---
+body:
+
+Ran into a misconfigured, malicious, or suspicious relay while using Tor? Please let us know by sending email to bad-relays AT lists DOT torproject DOT org! Many bad relays are caught thanks to our wider community, so many thanks for all your help and vigilance!
+
+### What is a bad relay?
+
+A bad relay is one that either doesn't work properly or tampers with our users' connections. This can be either through maliciousness or misconfiguration. Some common examples are...
+
+ * Tampering with exit traffic in any way (including dropping accepted connections). This might be accidental (such as an anti-virus filter) or malicious (commonly SSLStrip, which replaces https:// links with http:// to snoop on traffic) or even intentional (such as layer 7 inspection for P2P traffic detection/mitigation).
+ * Running HSDirs that harvest and probe .onion addresses
+ * Manipulating the DHT that is used for onion services, e.g., by positioning itself in the DHT.
+ * Using a DNS provider that censors its results (such as some [OpenDNS](http://www.opendns.com) or Quad (9 9.9.9.9) configurations).
+ * Performing a [Sybil attack](https://en.wikipedia.org/wiki/Sybil_attack), which means flooding the network with new relays in an effort to deanonymize users. If you want to run multiple relays then that's great! But please be sure to set the [MyFamily parameter](https://www.torproject.org/docs/tor-manual.html.en#MyFamily).
+ * Exit relays routing their exit traffic back into the tor network (not actually exiting any traffic)
+
+Also, if your relay is stolen or goes missing, please report it as well, so we can blacklist it in case whoever took it puts it back online.
+
+The following are currently permitted yet do have some discussion for prohibition (as such, they should not be reported at this time)...
+
+ * Only allowing plain-text traffic (for instance, just port 80). There's no good reason to disallow its encrypted counterpart (like port 443), making these relays highly suspect for sniffing traffic. See [context](https://www.google.com/search?site:torproject.org+80+443+6667) and [spec](https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1969).
+
+### How do I report a bad relay?
+
+If you encounter a bad relay then please let us know and write to `bad-relays AT lists DOT torproject DOT org`.
+
+You can check which exit you are using at any time by visiting [tor check](https://check.torproject.org/). Please include the following in your report:
+
+ 1. The relay's IP address or fingerprint. The fingerprint is a forty-character hex string such as `203933ED4E55EF8A3C3518427D1A1ED6A4CC285E`.
+ 2. What kind of behavior did you see?
+ 3. Any additional information we'll need to reproduce the issue.
+
+However, if you need help with anything Tor-related, please contact the [help desk](https://www.torproject.org/about/contact) instead.
+
+### What happens to bad relays?
+
+After a relay is reported and we've verified the behavior we'll attempt to contact the relay operator. Often we can sort things out but if not (or the relay lacks contact information) we'll flag it to prevent it from continuing to be used.
+
+We have thee types of flags we can apply:
+
+ * BadExit - Never used as an exit relay (for relays that appear to mess with exit traffic)
+ * Invalid - Never used unless AllowInvalidNodes is set (by default this only allows for middle and rendezvous usage)
+ * Reject - Dropped from the consensus entirely
+
+Which we use depends on the severity of the issue, and if it can still be safely used in certain situations.
+
+### My relays was given the BadExit flag. What's up?
+
+In just about all cases we're unable to contact the operator to resolve the issue, so if your relay has been flagged as a BadExit then please let us know (see above for contact info) so we can work together to fix the issue.
+
+### Do you actively look for bad relays?
+
+Yes. For our automated issue detection see [exitmap](http://www.cs.kau.se/philwint/spoiled_onions/) and [sybilhunter](https://gitweb.torproject.org/user/phw/sybilhunter.git/).
+
+Other monitors include [tortunnel](http://www.thoughtcrime.org/software/tortunnel/), [SoaT](https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/ExitAuthority/README.ExitScanning), [torscanner](https://code.google.com/p/torscanner/), and [DetecTor](http://detector.io/DetecTor.html).
+
+
+---
+html: two-columns-page.html
+---
+key: 7
+---
+section: Community Resources
+---
+section_id: bad-relays
+---
+subtitle: Learn how to report relays that either doesn't work properly or tampers with our users' connections
More information about the tor-commits
mailing list