[tor-relays] Suspension of service (ISP Scaleway / tor exit)
Nathaniel Suchy
me at lunorian.is
Tue Sep 4 20:51:57 UTC 2018
I run a "browser-only" exit relay at Scaleway, by "browser-only" I mean
only ports 53 (DNS), 80 (HTTP), 443 (HTTPS) and so far it's gone well.
Their support recommends if you run "an open proxy" to check your abuse
inbox daily (See: https://cloud.scaleway.com/#/abuses) as they will suspend
after 48 hours without a response. Still someone could try to send a syn
flood on those ports. Is there any guidance on dropping outgoing syn floods
with netfilter/iptables?
Cordially,
Nathaniel
On Tue, Sep 4, 2018 at 4:30 PM Volker Mink <volker.mink at gmx.de> wrote:
> Had the same experience with Scaleway a year ago.
>
> > Am 04.09.2018 um 22:27 schrieb Olaf Grimm <jeep665 at posteo.de>:
> >
> > Dear readers,
> >
> > some days ago I change my relay to an exit relay with a very strict
> > policy. Today came the suspension message into my regular mail account.
> > After login into the Scaleway account I saw that the time between the
> > abuse log message and the deactivation of my exit relay were 6 hours
> > only. At these time I was at work! I was not able to react of the
> > message, neither I knew it.
> >
> > The "abuse message" was a raw firewall log, without spaces hard to read.
> > I'm not a professional, so I could read only "SYNFLOOD src IP xxxx dest
> > IP xxxx". That's all.
> > After I learnt what this is, I responded to the provider that good
> > providers realize own DDOS protection in the network and protect
> > customers too. Why log the provider bad outgoing traffic and ignore bad
> > incoming traffic? They don't know the source of the bad traffic, but
> > have the customer to beat someone!
> > The answer field for the reply were some lines only. Without comment
> > from the ISP the ticket was closed and the VPS locked yet.
> > I try to delete the old instance and build a new one. If the same occur
> > I leave Scaleway (and give info about that again).
> >
> > Now I recommend to set the ISP Scaleway (in France) of the list of bad
> > providers.
> >
> > Scaleway message:
> >
> > Hello,
> >
> > We have tried to contact you about an abuse report concerning one of
> your server. Unfortunately at this time you did not reply to this report.
> As stated in our terms of service, we have suspended your account.
> >
> > Sincerly,
> > Scaleway
> >
> > End message
> >
> >
> > To avoid a big shitstorm: I know what I do and it is not my first and
> only exit. Scaleway was the first trouble and in such a way, that I must
> leave a comment.
> >
> > To the tor website editors:
> > It is possible to include a basic abuse protection chapter in the tor
> documentation (config guide)? I've found some iptable rules, but I use the
> user-friedly "ufw", the overlay to iptables.
> > It would be fine if some good guys could help with an easy configuration
> guide in the config chapter for tor relays.
> >
> > Have a good time. I feel me better.
> >
> > Olaf
> >
> >
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180904/c5791f3d/attachment.html>
More information about the tor-relays
mailing list