[tor-relays] Exit relay is apparently being used to attack other servers
Moritz Bartl
moritz at torservers.net
Tue Jun 16 05:14:51 UTC 2015
On 06/14/2015 10:35 PM, trillium wrote:
> Thanks all for the help. I think I may try to move the exit relay
> over to SolarVPS or another VPS.
I think it's a very good approach to hunt new providers on platforms
like lowendbox.com, ask them whether they are okay with exit relays, and
then try them out. If you run into problmes, avoid the temptation of
concentrating too much capacity on the small number of known friendly
ISPs, but rather hunt down the next "possibly friendly" ISP. Don't
forget to add your experiences including date to the wiki [1].
It is plain stupidity when a provider asks you to remove your IPs from a
simple DNSBL that lists Tor relays. In these cases, maybe you can relay
them to people like us at torservers.net for "expert opinion" on the matter?
In dealing with "hacking attempt" complaints, if your ISP doesn't
understand how little influence you have on these quite usual Internet
activities which are basically just background noise [2], what may help
is if you tell them that you have successfully blocked the attacks (by
blacklisting the respective IPs to your ExitPolicy), and will continue
to do so in a responsive way in the future.
We at Zwiebelfreunde have basically stopped dealing with automated
reports. But, we did so only after a few years of "training our ISPs" by
being very polite and fast in dealing with complaints. And, dedicated
machines make a difference. Maybe pool your money with other Tor relay
fans, similar to what I did? Especially since a fast relay currently
helps the network more than a lot of small ones.
[1] https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
[2]
http://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone/
--
Moritz Bartl
https://www.torservers.net/
More information about the tor-relays
mailing list