[tor-relays] Keeping an exit node off of blacklists due to botnet activity.

Julian Plamann julian at amity.be
Thu Jun 4 19:28:38 UTC 2015

I have a fairly high bandwidth exit node running for about a month now
that I'm having difficulty keeping off of the http://cbl.abuseat.org/
blacklist and have been informed of this listing by the VPS provider.
The relay is running with a reduced exit policy -- and additionally I've
blocked common mail ports, etc. via IPFW so I know that no spam is
actually being sent out of the relay. Still, various botnet connections
are connecting to abuseat.org botnet sinkholes via port 80
Command&Control connection attempts. I'm at a loss as to how to stop this
or somehow detect and filter botnet traffic.

I've informed the VPS provider that I'm on top of it and have the
machine configured to not actually allow this sort of malicious traffic
out and they seem to be generally happy with that explanation, but a
better solution if one exists would be appreciated.

Thanks,

Julian Plamann

julian (at) amity.be
GPG: 0x96881D83
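
The situation described in the message above, as an added example that is not part of the original post: a small Python evaluator for torrc `ExitPolicy` lines, showing that a port-based policy rejects the mail ports while a port 80 connection to any destination, a sinkhole included, is still accepted. The policy text and the destination address are constructed for illustration, and only IPv4 patterns are handled.

```python
import ipaddress

# Constructed torrc excerpt (not the poster's real policy): web and secure
# mail-retrieval ports allowed, everything else rejected.
SAMPLE_TORRC = """\
# constructed sample policy
ExitPolicy accept *:80
ExitPolicy accept *:443, accept *:993-995
ExitPolicy reject *:*
"""

def parse_policy(torrc_text):
    """Return ordered (action, network_or_None, low_port, high_port) rules (IPv4 only)."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.lower().startswith("exitpolicy "):
            continue
        for item in line.split(None, 1)[1].split(","):
            action, pattern = item.split()
            addr, _, port = pattern.rpartition(":")
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if port == "*":
                low, high = 1, 65535
            else:
                low, _, high = port.partition("-")
                low, high = int(low), int(high or low)
            rules.append((action.lower(), net, low, high))
    return rules

def decide(rules, ip, port):
    """Apply rules in order; the first match wins. None means no rule matched."""
    target = ipaddress.ip_address(ip)
    for action, net, low, high in rules:
        if (net is None or target in net) and low <= port <= high:
            return action
    return None

def audit(torrc_text, ip, ports):
    """Map each port to the policy decision for a connection to ip."""
    rules = parse_policy(torrc_text)
    return {port: decide(rules, ip, port) for port in ports}

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for any destination.
    for port, action in audit(SAMPLE_TORRC, "192.0.2.10", [25, 465, 587, 80]).items():
        print(port, action)
```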