[tor-relays] Botnet

teor teor2345 at gmail.com
Tue Aug 25 14:17:35 UTC 2015


> On 25 Aug 2015, at 23:54, Heiko Tropartz <butary at gmx.de> wrote:
> 
>  
> Hello,
>  
> My ISP deactivated the network traffic of my Tor exit relay because the server is part of the following botnets:
>  
> - Wapomi
> - AldiBot
> - Darkness Bot
>  
> In the last 2 hours I analysed the sparse log files and checked the system against checksums I created after the installation.
> The Linux server is clean.
>  
> I sent an answer to my ISP, that the server is only an exit relay for Tor traffic. I also attached a list of security software, including configurations, that I installed.
> But the network traffic stays blocked until I guarantee secure network traffic.
>  
> Can someone advise me what to do?
> Any tips and hints?

It's unfortunate your provider doesn't understand the concept of an overlay network, or even the concept of a proxy.

If they are going to continue to judge you by your traffic, here's how you can change the traffic allowed through your exit:

If the botnets connect to particular IP addresses or ports, you can block those in your Tor Exit policy or server firewall.

Alternately, if the complainants / honeypots are on particular IPs, you can block those.

You might have to ask your ISP what IPs or ports are generating the complaints.

Tim (teor)


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
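
The exit-policy blocking suggested in the reply above, as an added example that is not part of the original message: a small Python helper that turns destinations named in ISP complaints into torrc `ExitPolicy reject` lines. The function names and the sample list are hypothetical, the addresses are constructed from documentation ranges, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample: destinations an ISP might name in its complaints.
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
COMPLAINT_DESTINATIONS = [
    "198.51.100.7:80",
    "203.0.113.5/24",     # host bits set; normalised to 203.0.113.0/24
    "*:8080",
    "198.51.100.7:80",    # duplicate, emitted only once
]

def _parse_port(port):
    """Accept '*' or a single port number in 1..65535."""
    if port == "*":
        return port
    number = int(port)  # raises ValueError on non-numeric input
    if not 1 <= number <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(number)

def _parse_addr(addr):
    """Accept '*', a single IPv4 address, or an IPv4 network in CIDR form."""
    if addr == "*":
        return addr
    net = ipaddress.IPv4Network(addr, strict=False)  # ValueError if malformed
    return str(net.network_address) if net.prefixlen == 32 else str(net)

def exit_policy_rejects(entries):
    """Return de-duplicated 'ExitPolicy reject ADDR:PORT' lines, in input order."""
    lines = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        addr, sep, port = entry.rpartition(":")
        if not sep:                       # no port given: block every port
            addr, port = entry, "*"
        addr, port = _parse_addr(addr), _parse_port(port)
        if addr == "*" and port == "*":   # would stop the relay exiting at all
            raise ValueError("refusing to emit 'reject *:*'")
        line = f"ExitPolicy reject {addr}:{port}"
        if line not in lines:
            lines.append(line)
    return lines

if __name__ == "__main__":
    print("\n".join(exit_policy_rejects(COMPLAINT_DESTINATIONS)))
```

Tor evaluates exit policy rules in order and the first match wins, so the generated lines belong above any `ExitPolicy accept` lines in torrc.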

