[tor-relays] SSH scans from Tor exit

Ed Carter ecarter9 at riseup.net
Tue Apr 29 21:15:36 UTC 2014 

Robert,

There is some good advice for exit relay operators on the Tor website that
might be helpful.  Included are templates you can use for responding to
abuse complaints received by your ISP.

https://trac.torproject.org/projects/tor/wiki//doc/TorExitGuidelines

https://blog.torproject.org/running-exit-node

https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates


> Mike,
>
> Yes but the goal is to have more relays, exits and bridges and if
> commercial server operators are very low on spine we have to keep them
> onside carefully.
>
> I have just been kicked of another one after paying a year in advance.
> If we have no authoritative retort when they raise the first 'abuse' most
> of them take the lazy course and bar Tor.\
> When I have said the restricted port list can be added and it has proved
> to be successful some have given me another chance.
> If SSH is open and their server is being used to attack others of course
> they will react defensively.
> So any advice to be proactive and increase the chance of one part of the
> Tor system surviving is advice I want to hear.
>
> Robert
>
>
>>> For what it's worth, after complaints from campus IT we also wound up
>>> blocking SSH in the CMU Tor exit's policy.  It's a shame we can't help
>>> people do sysadmin stuff and whatnot anonymously, but the port scans
>>> do seem to happen quite often.
>>>
>>> zw
>>
>> The silly thing is that port scans happen hundreds of times per day to
>> every internet-connected device, and Tor isn't involved in the vast
>> majority of it.  Not a single server on the 'net is made more secure by
>> an exit node blocking a port.  Will they request that port 80 be blocked
>> because of the SQL injection and Wordpress vulnerability scans?  Or that
>> IMAP and FTP ports be blocked for attempts to brute force logins?  Any
>> open port has the potential for abuse -- blocking ports doesn't seem
>> like a very well thought-out response to the issue.
>>
>> The time people spend complaining to exit node operators would be much
>> better spent performing any number of simple changes that would
>> /actually/ improve security for the server(s).  I  think if a server is
>> so threatened by a port scan that it invokes a human response, that
>> server probably shouldn't be online.
>>
>> /rant
>>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list