[tor-relays] MY IP address on blacklist and then in exit relay policy

Zack Weinberg zackw at cmu.edu
Mon Mar 30 15:01:40 UTC 2015

This *will* happen again.  You need to have a conversation with your
provider and convince them to ignore reports of this form for your
exit node, or else you need to get a new provider.  I would open the
conversation with something like this:

| This machine is a Tor exit node, which, as part of its normal operation,
| proxies traffic for other hosts on the Internet.  By design, it is impossible
| for me to identify those other hosts or communicate with their operators.
| It is one of those other hosts that was infected with s_downloaderbot-mxb.
| Because Tor users are very diverse, I can't guarantee that this will never
| happen again.  You should expect ongoing false positives for this machine
| on all checks for malware infection, outdated operating system, etc.
| I have the ability to disable proxying to specific IP address ranges and
| specific TCP ports, but this should be considered a last resort tactic.  It
| does not actually prevent anyone from using Tor to send spam or whatever;
| the traffic will just move to some other exit node.  I also have the ability to
| limit the total bandwidth consumed by Tor.
| I'm happy to work with you to minimize the impact of this service on your
| network.  I hope you will consider allowing it to remain in operation, as it
| is extremely valuable for people who need to conceal their official
| identities online, especially in countries where access to the Internet
| is restricted.  For more information please see
| https://www.torproject.org/about/overview.html#overview


On Mon, Mar 30, 2015 at 9:04 AM, Cmar433 <cmar433 at yandex.com> wrote:
> https://globe.torproject.org/#/relay/9DCF76179FCF47224D235ECD4A6165FED22ECE7B
> So, I am running an exit node. My provider sent me an email .. "This IP is infected with, or is NATting for a machine infected with s_downloaderbot-mxb"
> Any idea what I can do about this problem?
> Now I can see my IP in my server's exit policy ...
> After my "delist action" is clean ..
> http://www.senderbase.org/lookup/ip/?search_string=
> Do I just need to wait? And are all outgoing packets from my server still dropped?
> Thanks ..
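
The template in the reply above mentions that an exit operator can disable proxying to specific IP address ranges and TCP ports. As an added example (not part of the original thread, and not Tor's own code), this Python code evaluates torrc-style `ExitPolicy` lines in first-match order so a proposed block can be checked before it is deployed. The sample policy, the addresses, and the function names are constructed for illustration, and only IPv4 `ADDR[/MASK]:PORT` patterns are handled.

```python
import ipaddress

# Constructed sample policy in torrc ExitPolicy syntax (not from the thread).
# 192.0.2.0/24 is a documentation range standing in for a range a provider
# asked the operator to block.
SAMPLE_POLICY = """
ExitPolicy reject 192.0.2.0/24:*   # hypothetical range named in a complaint
ExitPolicy reject *:25             # SMTP
ExitPolicy reject *:6660-6667      # a port range
ExitPolicy accept *:*
"""


def parse_policy(text):
    """Return a list of (action, network_or_None, low_port, high_port)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        keyword, action, pattern = line.split()
        if keyword != "ExitPolicy" or action not in ("accept", "reject"):
            raise ValueError(f"unsupported line: {line!r}")
        addr, _, ports = pattern.rpartition(":")
        # "*" matches every address; otherwise parse a host or CIDR range.
        network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            low, high = 1, 65535
        else:
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)  # single port or range
        rules.append((action, network, low, high))
    return rules


def exit_allowed(rules, dest_ip, dest_port):
    """First matching rule wins. Returns True/False, or None if no rule matched."""
    ip = ipaddress.ip_address(dest_ip)
    for action, network, low, high in rules:
        if (network is None or ip in network) and low <= dest_port <= high:
            return action == "accept"
    return None


if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    for dest in [("192.0.2.10", 443), ("198.51.100.7", 25), ("198.51.100.7", 443)]:
        print(dest, exit_allowed(rules, *dest))
```

Because the first matching rule decides, `reject` lines must appear before the final catch-all `accept` to have any effect.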
