[tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)

Matthew Glennon matthew at glennon.online
Wed May 16 12:32:54 UTC 2018


The Verizon Wireless network seems to be the same.
https://imgur.com/a/fw6X9ZY

On Wed, May 16, 2018 at 8:17 AM Matthew Glennon <matthew at glennon.online>
wrote:

> My relay exhibits the same results on AS701, MCI Communications Services,
> Inc. d/b/a Verizon Business
>
> https://metrics.torproject.org/rs.html#details/924B24AFA7F075D059E8EEB284CC400B33D3D036
>
> matthew at freedom:~$ traceroute 86.59.21.38
> traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets
>  1  lo0-100.RCMDVA-VFTTP-307.verizon-gni.net (96.253.78.1)  4.340 ms  4.297 ms  4.273 ms
>  2  B3307.RCMDVA-LCR-22.verizon-gni.net (130.81.24.74)  3.854 ms  4.156 ms  8.609 ms
>  3  * * *
>  4  * * *
>  5  * * *
>  6  * * *
>  7  * * *
>  8  * * *
>  9  * * *
> 10  * * *
> 11  * * *
> 12  * * *
> 13  * * *
> 14  * * *
> 15  * * *
> 16  * * *
> 17  * * *
> 18  * * *
> 19  * * *
> 20  * * *
> 21  * * *
> 22  * * *
> 23  * * *
> 24  * * *
> 25  * * *
> 26  * * *
> 27  * * *
> 28  * * *
> 29  * * *
> 30  * * *
>
>
>
> On Tue, May 15, 2018 at 9:18 PM Shawn Webb <shawn.webb at hardenedbsd.org>
> wrote:
>
>> On Tue, May 15, 2018 at 08:12:50PM -0400, Neel Chauhan wrote:
>> > Hi tor-relays mailing list,
>> >
>> > I have noticed that the Tor consensus server tor26
>> > (https://metrics.torproject.org/rs.html#details/847B1F850344D7876491A54892F904934E4EB85D)
>> > is blocked on Verizon's UUNET (AS701) backbone, and therefore, Verizon's
>> > retail services like FiOS and Wireless. I can confirm this on FiOS, but I
>> > don't use Verizon Wireless (my smartphone uses Sprint) so I can't test it
>> > there.
>> >
>> > A traceroute to tor26's IP address 86.59.21.38 from a Brooklyn apartment
>> > shows this is filtered on Verizon's backbone:
>> >
>> > neel at xb2:~ % traceroute 86.59.21.38
>> > traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
>> >  1  unknown (192.168.1.1)  1.128 ms  0.780 ms  0.613 ms
>> >  2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.001 ms  3.632 ms  0.900 ms
>> >  3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  2.291 ms
>> >     B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  3.172 ms  4.046 ms
>> >  4  * * *
>> >  5  * * *
>> >  6  * * *
>> >  7  * * *
>> >  8  * * *
>> >  9  * * *
>> > ^C
>> > neel at xb2:~ %
>> >
>> > In a normal traceroute, you will see ALTER.NET at hop 5. Also, the subnet
>> > 86.59.21.0/24 is not filtered on UUNET. A traceroute to 86.59.21.1 works:
>> >
>> > neel at xb2:~ % traceroute 86.59.21.1
>> > traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
>> >  1  unknown (192.168.1.1)  0.863 ms  0.757 ms  0.579 ms
>> >  2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.010 ms  1.545 ms  1.034 ms
>> >  3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  3.616 ms
>> >     B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  5.696 ms  10.062 ms
>> >  4  * * *
>> >  5  0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127)  3.492 ms  3.506 ms  2.996 ms
>> >  6  204.255.168.118 (204.255.168.118)  8.462 ms  7.479 ms  7.252 ms
>> >  7  144.232.4.84 (144.232.4.84)  5.041 ms  4.688 ms
>> >     sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165)  71.865 ms
>> >  8  sl-crs2-lon-0-0-3-0.sprintlink.net (213.206.128.181)  72.214 ms  73.579 ms  72.339 ms
>> >  9  213.206.129.142 (213.206.129.142)  81.390 ms
>> >     sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139)  85.854 ms  93.238 ms
>> > 10  217.149.47.46 (217.149.47.46)  79.004 ms  85.669 ms  79.392 ms
>> > 11  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  86.507 ms  78.374 ms  77.740 ms
>> > 12  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  79.642 ms  77.926 ms  81.515 ms
>> > 13  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  105.400 ms  105.089 ms  109.751 ms
>> > 14  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  122.716 ms  110.820 ms  114.354 ms
>> > 15  86.59.21.1 (86.59.21.1)  106.389 ms *  105.379 ms
>> > neel at xb2:~ %
>> >
>> > I got in contact with Peter Palfrader and he says he couldn't help, and also
>> > with Verizon FiOS support and they said the filtering 'isn't on Verizon's
>> > network' (read: isn't on Verizon's internal FiOS network but still on
>> > Verizon's AS701 which I have to go to to get anywhere on the Internet here).
>> >
>> > I know that this IP could have been blackholed, and you may think that if
>> > Verizon is blocking it, then isn't Level 3 or Cogent? Well, Cogent doesn't
>> > block tor26:
>> >
>> > traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets
>> >  1  gi0-1-1-19.5.agr21.jfk02.atlas.cogentco.com (66.28.3.113)  0.727 ms  0.727 ms
>> >  2  be2605.ccr41.jfk02.atlas.cogentco.com (154.54.1.153)  2.177 ms
>> >     be2606.ccr42.jfk02.atlas.cogentco.com (154.54.2.29)  0.734 ms
>> >  3  be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)  68.557 ms
>> >     be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)  70.829 ms
>> >  4  be12488.ccr42.ams03.atlas.cogentco.com (130.117.51.42)  74.570 ms
>> >     be12194.ccr41.ams03.atlas.cogentco.com (154.54.56.94)  76.767 ms
>> >  5  be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  74.515 ms  74.612 ms
>> >  6  149.6.129.250 (149.6.129.250)  80.758 ms  74.625 ms
>> >  7  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  75.421 ms  75.425 ms
>> >  8  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  74.516 ms  74.558 ms
>> >  9  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  97.605 ms  95.470 ms
>> > 10  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  100.314 ms  97.947 ms
>> > 11  86.59.118.145 (86.59.118.145)  96.918 ms  98.620 ms
>> > 12  tor.noreply.org (86.59.21.38)  97.853 ms  98.110 ms
>> >
>> > (Source: http://www.cogentco.com/en/network/looking-glass)
>> >
>> > It could be possible that other Tier 1 networks formerly blocked tor26, and
>> > also unblocked, but Verizon was sloppy not to do so.
>> >
>> > It's also possible that Verizon could be doing it because the FCC repealed
>> > Net Neutrality, and wants to discourage use of Tor to mine FiOS/VZW
>> > customers' browsing habits. But despite a NN repeal I can still access Tor
>> > on FiOS, and also run a relay (I do both) because other consensus relays are
>> > still unblocked.
>> >
>> > But if Verizon didn't unblock tor26, could it actually mean that Verizon
>> > wants to discourage Tor (and VPN/proxy) use to try to mine information of
>> > their customers (and sell ads/information) and direct users to VZ-owned AOL
>> > and Yahoo? Well, I hope they were just sloppy and don't mean to wage war on
>> > Tor.
>> >
>> > While I'm not saying you should avoid using anything Verizon at all costs (I
>> > certainly wouldn't want to go to the local cable company), I just want to
>> > point out a blocked consensus server.
>>
>> I'm seeing the same thing from the greater Baltimore, MD area:
>>
>> traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
>>  1  172.16.3.1 (172.16.3.1)  0.172 ms  0.162 ms  0.115 ms
>>  2  lo0-100.BLTMMD-VFTTP-323.verizon-gni.net (100.16.216.1)  23.228 ms  7.782 ms  2.901 ms
>>  3  B3323.BLTMMD-LCR-22.verizon-gni.net (100.41.222.240)  2.982 ms
>>     B3323.BLTMMD-LCR-21.verizon-gni.net (100.41.222.238)  1.702 ms
>>     B3323.BLTMMD-LCR-22.verizon-gni.net (100.41.222.240)  7.756 ms
>>  4  * * *
>>
>> 100.41.222.240 is AS19262.
>>
>> Thanks,
>>
>> --
>> Shawn Webb
>> Cofounder and Security Engineer
>> HardenedBSD
>>
>> Tor-ified Signal:    +1 443-546-8752
>> Tor+XMPP+OTR:        lattera at is.a.hacker.sx
>> GPG Key ID:          0x6A84658F52456EEE
>> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> --
> Matthew Glennon
> matthew at glennon.online
> PGP Signing Available Upon Request
> https://keybase.io/crazysane
>
-- 
Matthew Glennon
matthew at glennon.online
PGP Signing Available Upon Request
https://keybase.io/crazysane
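
The comparison used in this thread (a probe to 86.59.21.38 against a control probe to 86.59.21.1 in the same /24) can be scripted so other relay operators can check their own paths. This is an added example, not code from any poster in the thread; the function names `parse`, `summarize` and `compare` are illustrative, and the sample text is abridged from the traceroutes quoted above.

```python
import ipaddress
import re
HOP = re.compile(r"^\s*(\d{1,2})\s+(\S.*)$")
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
# Abridged from the traceroutes quoted in this thread (some hops omitted).
BLOCKED = """traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
 2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.001 ms
3.632
 3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  2.291 ms
    B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  3.172 ms
 4  * * *
 5  * * *"""
CONTROL = """traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
 3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  3.616 ms
 4  * * *
 5  0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127)  3.492 ms  3.506 ms
15  86.59.21.1 (86.59.21.1)  106.389 ms *  105.379 ms"""

def parse(text):
    """Return (target, [(ttl, [ips])]); tolerates '>' quoting and mail-wrapped lines."""
    target, hops = None, []
    for raw in text.splitlines():
        line = raw.lstrip("> ")
        if line.startswith("traceroute to"):
            target = ADDR.search(line).group(1)
        elif (m := HOP.match(line)):
            hops.append((int(m.group(1)), ADDR.findall(m.group(2))))
        elif hops:  # wrapped remainder or alternate router for the previous hop
            hops[-1][1].extend(ADDR.findall(line))
    return target, hops

def summarize(text):
    """Find the last hop that answered and whether it was the destination."""
    target, hops = parse(text)
    ttl, ips = next(((t, i) for t, i in reversed(hops) if i), (0, []))
    return {"target": target, "reached": target in ips, "last_ttl": ttl, "last_ips": ips}

def compare(blocked, control, prefixlen=24):
    """Classify a dead path using a control probe inside the same prefix."""
    b, c = summarize(blocked), summarize(control)
    net = ipaddress.ip_network(f"{b['target']}/{prefixlen}", strict=False)
    if b["reached"]:
        return "target reachable"
    if c["reached"] and ipaddress.ip_address(c["target"]) in net:
        return f"host-specific drop after hop {b['last_ttl']}; {net} is still routed"
    return "inconclusive"

print(compare(BLOCKED, CONTROL))
```

A run of `* * *` on its own is not evidence of filtering (hop 4 is silent in the working trace too), which is why the verdict rests on the control probe reaching its destination.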