[tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)

Neel Chauhan neel at neelc.org
Wed May 16 00:12:50 UTC 2018 

Hi tor-relays mailing list,

I have noticed that the Tor consensus server tor26 
(https://metrics.torproject.org/rs.html#details/847B1F850344D7876491A54892F904934E4EB85D) 
is blocked on Verizon's UUNET (AS701) backbone, and therefore, Verizon's 
retail services like FiOS and Wireless. I can confirm this on FiOS, but 
I don't use Verizon Wireless (my smartphone uses Sprint) so I can't test 
it there.

A traceroute to tor26's IP address 86.59.21.38 from a Brooklyn apartment 
shows this is filtered on Verizon's backbone:

neel at xb2:~ % traceroute 86.59.21.38
traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
  1  unknown (192.168.1.1)  1.128 ms  0.780 ms  0.613 ms
  2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.001 ms  
3.632 ms  0.900 ms
  3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  2.291 ms
     B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  3.172 ms  4.046 
ms
  4  * * *
  5  * * *
  6  * * *
  7  * * *
  8  * * *
  9  * * *
^C
neel at xb2:~ %

In a normal traceroute, you will see ALTER.NET at hop 5. Also, the 
subnet 86.59.21.0/24 is not filtered on UUNET. A traceroute to 
86.59.21.1 works:

neel at xb2:~ % traceroute 86.59.21.1
traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
  1  unknown (192.168.1.1)  0.863 ms  0.757 ms  0.579 ms
  2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.010 ms  
1.545 ms  1.034 ms
  3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  3.616 ms
     B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  5.696 ms  
10.062 ms
  4  * * *
  5  0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127)  3.492 ms  3.506 ms  
2.996 ms
  6  204.255.168.118 (204.255.168.118)  8.462 ms  7.479 ms  7.252 ms
  7  144.232.4.84 (144.232.4.84)  5.041 ms  4.688 ms
     sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165)  71.865 ms
  8  sl-crs2-lon-0-0-3-0.sprintlink.net (213.206.128.181)  72.214 ms  
73.579 ms  72.339 ms
  9  213.206.129.142 (213.206.129.142)  81.390 ms
     sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139)  85.854 ms  
93.238 ms
10  217.149.47.46 (217.149.47.46)  79.004 ms  85.669 ms  79.392 ms
11  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  86.507 ms  
78.374 ms  77.740 ms
12  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  79.642 ms  
77.926 ms  81.515 ms
13  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  105.400 ms  
105.089 ms  109.751 ms
14  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  122.716 ms  
110.820 ms  114.354 ms
15  86.59.21.1 (86.59.21.1)  106.389 ms *  105.379 ms
neel at xb2:~ %

I got in contact with Peter Palfrader and he says he couldn't help, and 
also with Verizon FiOS support and they said the filtering 'isn't on 
Verizon's network' (read: isn't on Verizon's internal FiOS network but 
still on Verizon's AS701 which I have to go to to get anywhere on the 
Internet here).

I know that this IP could have been blackholed, and you may think that 
if Verizon is blocking it, then isn't Level 3 or Cogent? Well, Cogent 
doesn't block tor26:

traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets
  1  gi0-1-1-19.5.agr21.jfk02.atlas.cogentco.com (66.28.3.113)  0.727 ms  
0.727 ms
  2  be2605.ccr41.jfk02.atlas.cogentco.com (154.54.1.153)  2.177 ms 
be2606.ccr42.jfk02.atlas.cogentco.com (154.54.2.29)  0.734 ms
  3  be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)  68.557 ms 
be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)  70.829 ms
  4  be12488.ccr42.ams03.atlas.cogentco.com (130.117.51.42)  74.570 ms 
be12194.ccr41.ams03.atlas.cogentco.com (154.54.56.94)  76.767 ms
  5  be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  74.515 ms  
74.612 ms
  6  149.6.129.250 (149.6.129.250)  80.758 ms  74.625 ms
  7  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  75.421 ms  
75.425 ms
  8  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  74.516 ms  
74.558 ms
  9  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  97.605 ms  
95.470 ms
10  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  100.314 ms  97.947 
ms
11  86.59.118.145 (86.59.118.145)  96.918 ms  98.620 ms
12  tor.noreply.org (86.59.21.38)  97.853 ms  98.110 ms

(Source: http://www.cogentco.com/en/network/looking-glass)

It could be possible that other Tier 1 networks formerly blocked tor26, 
and also unblocked, but Verizon was sloppy not to do so.

It's also possible that Verizon could be doing it because the FCC 
repealed Net Neturality, and wants to discourage use of Tor to mine 
FiOS/VZW customers' browsing habits. But despite a NN repeal I can still 
access Tor on FiOS, and also run a relay (I do both) because other 
consensus relays are still unblocked.

But if Verizon didn't unblock tor26, could it actually mean that Verizon 
wants to discourage Tor (and VPN/proxy) use to try to mine information 
of their customers (and sell ads/information) and direct users to 
VZ-owned AOL and Yahoo? Well, I hope they were just sloppy and don't 
mean to wage war on Tor.

While I'm not saying you should avoid using anything Verizon at all 
costs (I certainly wouldn't want to go to the local cable company), I 
just want to point out a blocked consensus server.

Thank You,

Neel Chauhan

===

https://www.neelc.org/

More information about the tor-relays mailing list