teor2345 at gmail.com
Tue Aug 25 14:17:35 UTC 2015
> On 25 Aug 2015, at 23:54, Heiko Tropartz <butary at gmx.de> wrote:
> my ISP deactivated the network traffic of my tor-exit relay because the server is part of the following botnets:
> - Wapomi
> - AldiBot
> - Darkness Bot
> In the last 2 hours I analysed the sparse log files and checked the system by checksums I created after the installation.
> The linux server is clean.
> I send an answer to my ISP, that the server is only an exit-relay for Tor traffic. I also attached a list security software including configurations that I installed.
> But the network traffic keeps blocked until I guarantee for a secure network traffic.
> Can someone advise me what to do?
> Any tips and hints?
It's unfortunate your provider doesn't understand the concept of an overlay network, or even the concept of a proxy.
If they are going to continue to judge you by your traffic, here's how you can change the traffic allowed through your exit:
If the botnets connect to particular IP addresses or ports, you can block those in your Tor Exit policy or server firewall.
Alternately, if the complainants / honeypots are on particular IPs, you can block those.
You might have to ask your ISP what IPs or ports are generating the complaints.
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-relays