[tor-relays] Tor Exit Node - DDOS

Kris krisa at subtend.net
Wed Aug 7 20:00:16 UTC 2013 

I've been an end user of tor for a few years and finally as of last week 
purchased a virtualhost to run an exit relay.

After a few days running smoothly, I received a forwarded abuse complaint from 
the hosting company from someone saying their are being DDOS'd by my IP.

I'm prepared per the tor website regarding DMCA notifications, but haven't found 
much on how to deal with this situation.  I have:

* made it quite obvious that this is an exit node
   * reverse dns is tor-exit-node.nenticom.net
   * web server running on 8080/80 with the tor notification page
   * provide full real name and abuse at nenticom.net contact
   * notified the hosting company
* applied the recommended exit policy per the "minimum harassment" post

You can see most of this off Atlas (node: nenticom).
https://atlas.torproject.org/#details/50D04704A5017C02CC63AFE4A66F05DF79ED81F3

Can anyone provide a recommendation of how to respond to this notice (provided 
below)?  Given the headers the original complainer filed it looks like someone 
is running benchmark software over tor.

Maybe after explaining that I'm a tor exit node to the provider I can offer to 
block exiting to the IP block belonging to the original complainer?



Notice from Hosting Provider
----------------------------

Please review the following abuse complaint and provide us with a resolution:

******************************
Hello,

Over the last three days we have experienced a massive amounts of incoming HTTP 
connections from an IP address under your control as part of a DDOS attack.

Can you please investigate the server/computer associated with this IP address 
as it is more than likely compromised and is now part of a BotNet.

For your reference, all requests to our server from the IP in question are 
listed in the Apache logs as:
"GET / HTTP/1.0" 500 11680 "-" "ApacheBench/2.3"

The attackers IP address that appears to belong to you or your network is 
'192.241.230.170'. Please resolve this as soon as possible.

-- 
Kind regards,
Benjamin Hodgetts
Dedicated Hosting Server Administrator
Namesco Ltd.

Phone:	+44 (0)1905 342347
Email:	bhodgetts at names.co.uk
DDI:	+44 (0)1905 342384

Main Line:	 +44 (0)1905 342342 / 0845 363 3630
Main Fax:	 +44 (0)1905 342343 / 0845 363 3631
Support Email:	supportmanager at names.co.uk
Website:	 http://www.names.co.uk

Namesco Limited (Registration No: 3913408) is incorporated in England and Wales 
with its registered office at Acton House, Perdiswell Park, Worcester, WR3 7GD.

Information contained in this e-mail is intended for the use of the addressee 
only, and is confidential. If you have received this email in error please 
notify the sender immediately. Any dissemination, distribution, copying or use 
of this communication without prior permission of the addressee is strictly 
prohibited. The contents of an attachment to this e-mail may contain software 
viruses, which could damage your own computer system. While Namesco has taken 
every reasonable precaution to minimise this risk, we cannot accept liability 
for any damage, which you sustain as a result of software viruses. You should 
carry out your own virus checks before opening the attachment. Please note that 
any views or opinions presented in this email are solely those of the author and 
do not necessarily represent those of the company.

©2013 Namesco Limited. All rights reserved.
******************************

More information about the tor-relays mailing list