[tor-relays] SSH scans from Tor exit

Nicolas Christin nicolasc at andrew.cmu.edu
Tue Apr 29 21:26:56 UTC 2014


On Tue Apr 29, 2014, grarpamp <grarpamp at gmail.com> wrote:
> > On 4/28/2014 10:04 PM, Zack Weinberg wrote:
> >> For what it's worth, after complaints from campus IT we also wound up
> >> blocking SSH in the CMU Tor exit's policy.
> 
> Sounds like IT is conflicted and sans balls... permits relay service,
> but well, doesn't. Good that you can run one, but if they're
> whacking you for denied stuff, plan on moving soon when they
> get real complaints.

No. You are confusing university campuses with commercial providers,
from which, as a customer, you are entitled to certain things per
contract. 

In that specific instance, campus IT have been extremely good sports
about us running a Tor exit on our campus. They could have simply said
"no;" instead, they're willing to support this. I think that is
admirable: They have no incentive to do this other than an altruistic
willingness to support research in that sphere. Not to put too fine a
point on it, as a faculty, I pay overhead on research grants whether or
not campus IT is kind to me.

Campus IT is understandably not, however, willing to spend an inordinate
amount of time dealing with complaints from clueless third parties.
SSH port scanning occurs unfortunately often enough it became a pretty
big burden on them to deal with repeated emails from "victims." Our
research group does not have the cycles to deal with these complaints
either---and even if we did, I doubt we would have the authority to
speak on behalf of the university.

So, given the choice between not operating an exit, and operating an
exit without port 22 to avoid overburdening with red tape people who,
once again, have been really good to us, what would you pick?

> The servers aren't the ones that shouldn't be online, it's their idiot
> operators who think SSH's DEFAULT SCREAMING ABOUT DENIED
> HACK ATTEMPTS in the logs is some kind of important, and then go
> reporting it to every place they can think of, each of those places staffed
> by more clueless idiots, etc. 

The level of intelligence of the people that receive these complaints
is irrelevant. However competent you may be, if you get oodles of
complaints every single day, for something that you are doing as a favor
to somebody else, you will throw in the towel.

Best regards, 
Nicolas

