[tor-relays] Non-exit abuse reports

Roman Mamedov rm at romanrm.net
Sat May 17 09:40:22 UTC 2014


On Sat, 17 May 2014 10:27:39 +0200
dope457 <dope457 at riseup.net> wrote:

> Hello,
> 
> I have been running a middle relay on my VPS since it was too much trouble 
> to operate an exit. But ever since I have received two abuse reports 
> regarding the same issue.
> 
> 1) Source: 31.31.78.141
> Event type: DNSANOMALY
> Detail:  High amount of TCP DNS traffic, whole transfer: 12 503 B
> Timestamp: 2014-05-14 20:20:35
> NetFlow source: localhost
> Targets: 178.238.223.67

This relay:
http://torstatus.blutmagie.de/router_detail.php?FP=44efaf942314f756fc7ea50292d5b383e568a9bd
runs with their ORPort set to 53, which is more commonly used for the TCP
variant of DNS. So your ordinary communication with them as a part of Tor
relaying is misdetected by your ISP as a malicious DNS attack.

Your options are:

1) Explaining the above (along with some explanation about the Tor network in
general) to your provider;

2) mailing to the contact E-Mail of the above relay, asking them to change
their port (but then there may be more relays doing the same in the future);

3) blocking outgoing communication to TCP port 53 to all IPs which are not
your chosen recursive DNS servers (set in /etc/resolv.conf); but this will
partially break the Tor network, as part of the circuits which clients try to
establish via your node will now fail (if they happen to include such ORPort
53 nodes).

-- 
With respect,
Roman
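
Added example, not part of the message above: a triage helper for this kind of report that checks whether a flagged TCP/53 target is a configured resolver or a relay whose ORPort is 53. It assumes consensus "r" lines end in IP, ORPort, DirPort; the sample data is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real relays).
# Consensus "r" lines end with: <IP> <ORPort> <DirPort>.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-05-14 18:00:00 192.0.2.10 53 0
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-05-14 18:00:00 198.51.100.7 9001 9030
r broken line
"""
SAMPLE_RESOLV_CONF = "# constructed\nnameserver 203.0.113.53\nsearch example.net\n"

def parse_relays(consensus_text):
    """Map relay IP -> set of ORPorts, skipping non-'r' and malformed lines."""
    relays = {}
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] != "r":
            continue
        try:
            ip = str(ipaddress.ip_address(fields[-3]))
            port = int(fields[-2])
        except ValueError:
            continue
        relays.setdefault(ip, set()).add(port)
    return relays

def parse_resolvers(resolv_conf_text):
    """Return the set of nameserver IPs listed in resolv.conf text."""
    out = set()
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.add(parts[1])
    return out

def classify_target(ip, dst_port, relays, resolvers):
    """Explain one reported flow: resolver, relay ORPort, or unexplained."""
    if ip in resolvers:
        return "configured-resolver"
    if dst_port in relays.get(ip, ()):
        return "tor-relay-orport"
    return "unexplained"

if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    resolvers = parse_resolvers(SAMPLE_RESOLV_CONF)
    for target in ("192.0.2.10", "203.0.113.53", "198.51.100.7"):
        print(target, classify_target(target, 53, relays, resolvers))
```

Targets that come back as "tor-relay-orport" are the ones to cite when explaining the report to the provider; "unexplained" ones still need a look.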