[tor-relays] abuse reports from shadowserver.org
Alexander Bernauer
alex-tor at copton.net
Sun Mar 20 10:58:59 UTC 2011
Hey Mike,
thank you for your support.
On Sat, Mar 19, 2011 at 06:16:45PM -0700, Mike Perry wrote:
> It is quite possible that lunatics like these will just make up abuse
> reports and send them to ISPs that look like they might cave. It is
> very interesting that our higher bandwidth exits that *do* exit to IRC
> are not hearing from them right now.
I still don't understand why they report an IRC bot if the target port
is port 80.
> What is their network topology like? Do they cycle through their
> honeypots?
I don't know. How could we find out?
> iptables is especially bad if you have the situation where what was
> once a honeypot one week turns into a legitimate server the next.
> OTOH, exit policy is bad if you end up with a ton of entries in it...
Yes, I agree. Up to now it's only the 8 IPs that Damian obtained from
robtex. I block them both via exit policy and iptables (just to be
sure...)
> This may be an issue. If the zealots believe that they can intimidate
> your ISP to knock you offline, they may keep sending nonsense reports
> to do so, declaring victory that one more tor node bites the dust...
> Not sure what to tell you about this. If they succeed, perhaps it's
> just new ISP time?
I think, the larger problem then is that "one more ISP bites the dust".
Let's see what happens.
regards
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20110320/ef3fcb90/attachment.pgp>
More information about the tor-relays
mailing list