[tor-relays] too many abuse reports

mick mbm at rlogin.net
Wed May 23 08:21:35 UTC 2012


On Tue, 22 May 2012 13:17:20 -0700
Mike Perry <mikeperry at torproject.org> allegedly wrote:
> 
> As of yet, no one has mentioned the port. Out of curiosity, is it
> included in the Reduced Exit Policy?
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

Mike

The port number reported was 80. My exit policy was restricted to 80
and 443 anyway. Interestingly (and confusingly) though, one report was
for an attack on port 8080. But since the report gave this evidence:

"Destination: 10.15.116.34 (8080)
Content:
os=185--technique=BES HTTP/1.1
Accept-Encoding: identity
Accept-Language: en-us,en;q=0.5
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: sqlmap/1.0-dev (r4997) (http://www.sqlmap.org)
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: 200.189.116.10
Pragma: no-cache
Cache-Control: no-cache,no-store"

and the address of the target is clearly an RFC1918 reserved net, I
figured this host was behind some device doing NAT, possibly a web load
balancer of some kind. Sort of (sadly) amusing though that the
complainant didn't notice that they were accusing me of attacking an
unrouteable network.......

> Also, I think the right answer is a solution like
> https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates#SSHBruteforceAttempts
> rather than blocking anything on the relay side.

Given the above, I doubt the capability of the complainant to implement
such a strategy. Simpler just to complain to another ISP and get them
to own the problem.
 
> Yeah, this sucks. But hey, if you're forced to be a middle relay, you
> now have a lot of really super cheap options for bandwidth. You should
> consider shopping around. Bandwidth literally gets cheaper every
> year.
> 
> For example, last year, FDCservers was charging $600/mo for 1 Gbit
> dedicated. This year, they now provide a 10 Gbit line for that price!
> 
> FDC doesn't allow exits either, but the falling price points tell me
> you should seriously try to renegotiate price with your ISP (or just
> move elsewhere) if they are degrading your service by forcing you into
> non-exit.
> 
> Exit bandwidth is worth paying a premium for, because it does require
> more resources at the ISP's end in terms of occasional abuse noise. You
> could also try negotiating upwards if your ISP's prices are already
> competitive with FDC's for middle service. Something tells me they're
> not, though :).
> 
I'm not in the market for a $600/month server. I'm a private individual
paying for as much bandwidth as I can afford on a VPS dedicated to tor.
I also provide a tails mirror on another VPS. But yes, I may now move
to another provider. My current ISP seems no longer to want to support
me.

Mick

---------------------------------------------------------------------
blog: baldric.net
fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
---------------------------------------------------------------------
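
Added example, not part of the original message: a small triage script an exit operator could run over the evidence block of an abuse report, checking the points raised above (logged destination in RFC1918 space, port outside the stated 80/443 exit policy, public `Host` header, scanner User-Agent). The function and field names are hypothetical, and the sample report is the excerpt quoted in the message with a few headers omitted.

```python
import ipaddress
import re

EXIT_PORTS = {80, 443}  # exit policy stated in the message

# Evidence block as quoted in the message (some headers omitted for brevity).
REPORT = """\
Destination: 10.15.116.34 (8080)
Content:
os=185--technique=BES HTTP/1.1
Connection: close
User-Agent: sqlmap/1.0-dev (r4997) (http://www.sqlmap.org)
Host: 200.189.116.10
Pragma: no-cache
"""

def _ip(text):
    """Parse an IP literal; return None for hostnames, empty strings or junk."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def triage(report, exit_ports=EXIT_PORTS):
    """Return findings for one 'Destination: addr (port)' evidence block."""
    m = re.search(r"^Destination:[ \t]*(\S+)[ \t]*\((\d+)\)", report, re.M)
    if m is None:
        raise ValueError("no 'Destination: addr (port)' line in report")
    dest, port = _ip(m.group(1)), int(m.group(2))
    # [ \t]* rather than \s* so an empty header value cannot swallow the next line.
    headers = dict(re.findall(r"^([A-Za-z-]+):[ \t]*(.*)$", report, re.M))
    # Host may carry ":port"; this split assumes an IPv4 literal or hostname.
    host = _ip(headers.get("Host", "").split(":")[0])
    private = bool(dest and dest.is_private)
    public_host = bool(host and host.is_global)
    return {
        "dest_is_private": private,                 # not routable from a relay
        "port_allowed_by_exit_policy": port in exit_ports,
        "host_header_is_public": public_host,
        # Private logged address plus public Host header: the sensor most
        # likely sits behind NAT or a load balancer and logged the inside view.
        "logged_behind_nat": private and public_host,
        "scanner_user_agent": "sqlmap" in headers.get("User-Agent", "").lower(),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```
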
