[tor-relays] webiron requesting to block several /24 subnet

JusticeRage justicerage at manalyzer.org
Mon Nov 16 13:50:51 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I'm currently in the middle of a somewhat heated e-mail debate with
their vice-president.
Pasting the e-mails below would be indelicate, but their position is
that the Tor network is responsible for the abuse it generates and
should take measures to prevent/block malicious traffic.
They also state that according to their measurements, 99% of the
traffic coming out of Tor is hostile, and they're going to release a
report on the matter soon.

On my side, I've been arguing that 99% of bad traffic absolutely
doesn't imply 99% of bad users, since brute-force attacks generate a
massive amount of requests (i.e. that 99% of bad traffic may be
generated by 1% of the users for all we know) - and therefore I'm
unwilling to punish all of them because of an unruly few.
Besides, blocking whole /24 subnets seems overkill to me, and they
have yet to prove that they have the authority to speak for all the
IPs they are requesting.

I suggested that site owners who wish to block Tor traffic do so using
the DNSRBL, to which they replied that "hundreds of millions of site
owners who barely know how to do e-mail" shouldn't be asked to
configure their servers - or indeed do anything to protect themselves
because that's victim blaming.
They add that "what we have coming next in tackling abuses will make
your heads spin :)" and conclude that I'm an arrogant bastard (mildly
paraphrasing here).

So as far as I'm concerned, I'll just discard anything I receive from
them in the future. I've told my hosting provider that their automated
e-mails should be disregarded, and they are okay with that.

- --
JusticeRage

On 16/11/2015 13:52, Cristian Consonni wrote:
> 2015-11-16 13:21 GMT+01:00 Eran Sandler <eran at sandler.co.il>:
>> My hosting provider also go these requests. Their terms of 
>> service requires that I will answer something to acknowledge I 
>> got that.
>> 
>> I just answer "ok, I'll handle it" and that's it.
>> 
>> The reverse lookup of my nodes points to a hostname that shows 
>> the Tor text. The host name is tor4thepeople1.torexitnode.net so 
>> I'm quite sure they know that.
> 
> Same here.
> 
>> I don't do anything beyond that and agree with AMuse that they 
>> can easily handle that without bugging the operators.
> 
> I understand this and it would also be my first line of reaction. 
> However, I am a new exit node operator (my node as been active as 
> an exit only for 5 and half now) and I have to understand how my 
> ISP reacts to this kind of things.
> 
> For instance, after the report (which clearly says " Automated 
> Message" on top of it, btw) they have sent me an email *and*
> called me on the phone (I just spoke with their customer tech
> support, they keep reminding me that everything that happens on
> that machine is my responsibility). They told me that they offer
> SWIP reassigment at an additional cost and only if buy dedicated
> servers and dedicated IP. I will speak with their commercial help
> desk to understand the costs.
> 
> For the moment I will keep a low profile and I will block the 
> mentioned IP range for a month. Then let's see if I can talk to my 
> ISP and get the SWIP reassignment.
> 
> C _______________________________________________ tor-relays 
> mailing list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWSd87AAoJEEDp8Kj16odU8VIP/iEUQIHmWnxZT9c/cNgjEnD5
a8OG7/zT7mvyZ+NTQaNFIo2S7q/xFUVolwxF96JPrdu+ttFSzF1j728504nvZlQm
5axWDR3vFVrY8e9TPnQiExA7J4d4z2TVGQT6J2rI8o3X7+IJgdOFWulxdrbTqgTV
kp1T1acP+lVEa5pUo+hEJGECQpYP9RUyrHs8ySkKFrdgE4RRPCaNvDsDQpjv5S70
1QcVvU1mppHmbFLoskvtIKa7PlOL/bvN0H2uJBm8wblDASxg5YFBeZU5xpQbHz28
GHvwxtGrEqL/ilMnkrEYDB8113UCVXV9sIZ1P+ZvXillKsJcalhMgJTVZE8+Rkov
62xRsZXvCfWZ/47gse/HddYgot3NOK/pCbl70McwnJzS7BDpXiGVbMD2xH2qtghD
BZVsPyln3Gkky3Jzo8r8u7Hi0Z6XP4iKIzNBMuRTKJ8SZiP1A4gCH0ITP1kUugzY
5abhGJFxcFQkeOGN2RaWaV1j80mblXsdMGhSo2E+0mdhxFWt595soNXtx37FPh27
jyHtxyfLOAtTva73RsaiaAahNvTPcEGXXpzl0cBIflNNVW4qn91NtwVXh6hYNX9L
rwfEgJOBYqBEElqe1XVvuUb8X6sUWXuuoIsG45OwiyFMBeXxEgfs6+eFLjsQVmvx
s9eNG7HyFIw/1Pncmtgp
=QKxP
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list