[tor-relays] Avoiding sinkholes

Roger Dingledine arma at mit.edu
Fri Mar 28 06:29:46 UTC 2014


On Fri, Mar 28, 2014 at 08:36:06AM +0300, ramo at goodvikings.com wrote:
> It's on that list since at some point a botnet talking through tor to
> its C&C server used my exit node to do so

Actually, it could easily have been a computer security researcher who
used Tor to access that address, not realizing the collateral damage he
was triggering. A growing number of malware researchers and antivirus
companies use Tor to reach various parts of the Internet, because
otherwise the bad guys recognize their IP address and special-case them.

As Moritz says, this is alas not an easy game to win. Not long ago
I learned that the .mil domain refuses to hear any packets from my
computer, which runs one of the directory authorities (and it's not
even an exit relay!). That meant my postfix became convinced that all
mails to or from .mil addresses were spam, since their name doesn't
resolve. Bad news for the Navy researchers who are signed up to, say,
the petsymposium.org mailing lists.

The real fun is going to start when these blacklists try to bully us by
blacklisting the whole /24 nearby, in hopes that our neighbors will lean
on us to cut it out.

I still enjoy rereading http://paulgraham.com/spamhausblacklist.html as
linked from https://www.torproject.org/docs/faq-abuse#TypicalAbuses

--Roger


