[tor-relays] Filter Tor Exit Node for blatant attacks on servers

Xza yandereson at riseup.net
Mon Jun 13 01:03:56 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Abuse will always be there, and isn't bound by Tor exits only.
There is lots of this "malicious" traffic on the internet.
Mainly new/small ISPs will react heavily to abuse complaints because they don't wanna end up on certain lists (IP ranges, bad name, w/e you want to call it)
Big ISPs usually are way softer on abuse and they forward it most likely to the person and you have to respond within certain amount of time.
And then there are these certain systems that go off if you scan their IP ranges or ports( or something else )and they automatically send abuse complaints to your ISP.
Good ISPs should never interfere with traffic they should just route and switch.

On June 13, 2016 12:53:04 AM GMT+02:00, Dr Gerard Bulger <gerard at bulger.co.uk> wrote:
>There is a moral problem to know that the service you are running as an
>exit, for the sake of the mythical T-shirt, internet freedom and lack
>of censorship, is being abused to such an extent.   I increased my exit
>speed from 2.5mbs to 5mbs and rose up the exit rankings such that abuse
>emails went from one every two months to 2-3 a day.  Some serious, many
>were automated crap where I wanted to tell the wimps to get a grip and
>welcome to the internet.
>
>
>
>When tapped on the shoulder by the ISP which is pointing out obvious
>abuse and attacks coming from my exit IP, it’s not enough to shrug my
>shoulders and claim overall good of TOR.   All I can do is block the
>offended IP address after the event (without consent).  I can do that
>in TORRC.   If I can do that why is it reprehensible in TOR lore to
>attempt something more subtle and pre-emptive?
>
>
>
>Of course much internet traffic is repugnant, but Tor attracts a higher
>proportion. Tor is being strangled by the abuse. It is the login and
>other attacks on servers that could be blocked of hindered.  Tor is
>getting a bad press and law makers respond impetuously to make bad laws
>making matters worse.
>
>
>
>Gerry
>
>
>
>From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On
>Behalf Of Jonathan Baker-Bates
>Sent: 12 June 2016 21:01
>To: tor-relays <tor-relays at lists.torproject.org>
>Subject: Re: [tor-relays] Filter Tor Exit Node for blatant attacks on
>servers
>
>
>
>In the past when I've tried thinking about this it has been too fraught
>with moral hazard for me. Morally, Tor is about keeping private
>communications private, in the hope that more good than bad will come
>of it.
>
>On 12 Jun 2016 8:40 p.m., "Dr Gerard Bulger" <gerard at bulger.co.uk
><mailto:gerard at bulger.co.uk> > wrote:
>
>Not sure eavesdrop is the right word, since ISPs throttle all sorts of
>traffic by inspecting it such as torrent, let alone TOR.   I suppose we
>could argue that in signing up for an internet connection, deep in the
>ISP’s small print, we consent to that behaviour.  Is it really true
>that consent has to be sought by every router on the way?
>
>
>
>Inspecting packets for obvious things like denial of service attacks
>and brute force logins would seem very legitimate to me and I doubt
>that the law would be such an ass, since we cannot gain consent.
>
>
>
>I know there is a fine line but looking at how packets are behaving and
>looking for repetitive logins is not the same as watching the content
>and censoring that.  Then an exit node could only inspect what EXITS
>onto the internet.
>
>
>
>Gerry
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org
><mailto:tor-relays-bounces at lists.torproject.org> ] On Behalf Of Gareth
>Llewellyn
>Sent: 12 June 2016 18:38
>To: tor-relays at lists.torproject.org
><mailto:tor-relays at lists.torproject.org>
>Subject: Re: [tor-relays] Filter Tor Exit Node for blatant attacks on
>servers
>
>
>
>On 12 Jun 2016 5:49 p.m., "Jonathan Baker-Bates"
><jonathan at bakerbates.com <mailto:jonathan at bakerbates.com> > wrote:
>> But along the way I asked some others about the legal implications of
>doing what the ISP had asked. The rough consensus was that in the UK at
>least, I would only be able to evesdrop on traffic once consent had
>been given by those being monitored. Otherwise I'd be illegally
>wiretapping and open to prosecution. But it was far from clear what
>would happen if somebody took me a court!
>>
>
>Indeed the Regulation of Investigatory Powers Act 2000 and the
>Investigatory Powers Bill contain offences relating to surveillance of
>traffic without a warrant / permission etc. (Caveats etc apply)
>
>> On 12 June 2016 at 16:12, Dr Gerard Bulger <gerard at bulger.co.uk
><mailto:gerard at bulger.co.uk> > wrote:
>>> Once TOR
>>> exits attempts any filtering where would it stop?   It is a slippery
>slope.
>
>FWIW one of the reasons we have the "pirate" blocks (in the UK) is that
>the High Court Judge (Hon. justice Arnold) in the case was informed
>that the ISPs in question had the ability to block sites (e.g.
>Cleanfeed) therefore it was possible for them to block more.
>
>Had this ISP level censorship technology not existed then we wouldn't
>be in *quite* the situation we are now.
>
>>> It is more than embarrassing to run an exit node and get abuse
>complaints
>>> about persistent and repeated attacks on an IP. The intent is
>clearly
>>> criminal.  VPS providers in the UK are increasing intolerant in
>receiving
>>> such complaints.  The whole VPS can be closed down by the ISP/VPS
>provider
>>> not forcing a closure of the TOR exit.  Fewer ISPs will allow you to
>install
>>> an exit node at all.
>
>This is one of the reasons why I started a UK ISP (AS28715) - I now run
>UK exits and don't have issues with them getting shutdown because the
>ISP got cold feet / got bored of abuse emails / complaints from other
>customers (entire /24 blocked by anti-tor blacklists) etc etc.
>
>Good ISPs don't deploy web filtering, transparent proxies or IDS' that
>interfere with traffic. IMHO well behaved Tor Exits shouldn't either.
>
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
><mailto:tor-relays at lists.torproject.org>
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

- --
PGP : 29A4CE52
-----BEGIN PGP SIGNATURE-----

iQI4BAEBCgAiGxxEbyA8eWFuZGVyZXNvbkByaXNldXAubmV0PgUCV14GWQAKCRBI
of/XNyszSqy6EACMLgCmnKcCvgpLusrlLIA93Bg6fxESfkyk30hxv6gxDpgtll8Y
t8Hnf0lcNO8PbHkIG0fGw2BGovXUtNfZAQpfvNiThPfieq1Zd9p/xCxesq/DXoJd
Wz5u8pbVO2ETq/4L635l+94kmU4PkP+QMsxsXkxtihA6AdLe7PDIjEm03txpbt0d
pmcHOaVZf7d36HqonV3lKXd9ir1C+/kqQzNTpREDMxMf7m0tUX7cQe/3fNDVGMKL
v5F++9uwYnZQGFyrDuW6SQJBLTNy2NQ2HJH4g6gVQmGqK+3+J/8srU+cgVItw+dy
mVrgKPfSeJjS552Ommeu1OoRVUPN3qkkZp1j/9mj418XD/CVWiGok+SxbLcyOVjU
Cv/0RVuAgzZWLKZ1VSI3t2k3cADdl4Ri/j+1MU23G3ptvetQxoMQlCIfT79+qqED
T7NiyQ++ecHqNTIhzf0NE2sM72Ht32mSrnrBP8Y60opqYD8tjwVmNfzcP6u+BaMS
bCowPwwCYIaMW3YkjxdCBsayaamS6J1YrF9O9+mtAA2sm840xSOCA+Peo0XSZFE2
Rf+YT2Wv2Z1XNo4iHpHN3FYoIMHI7SC6yfGhvyQFlfrPwFA+3GpBaffNDhpcJXV+
uab+BojoDr5id2ZjWXN0D5/jZeXmzXHwbCGMTs4t42aTZMgvOa0I3N1O/Q==
=ZUP4
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list