[tor-relays] BadExit

gerard at bulger.co.uk gerard at bulger.co.uk
Thu Mar 26 14:06:30 UTC 2020 

"btw, you need to have at least port 80 and 443 … port 80 is missing …"

It there. But to a /8 area IPV4, all IPv6

I have not changed my exit policy for years.  Port 80 is there, just limited to a  /8  network and all IPv6 addresses port 80 allowed.
443 all there IPv4 and IPv6

Testing seems to be exiting OK, but badexit tag still there.


Gerry


-----Original Message-----
From: tor-relays <tor-relays-bounces at lists.torproject.org> On Behalf Of niftybunny
Sent: 26 March 2020 12:49
To: tor-relays at lists.torproject.org
Subject: Re: [tor-relays] BadExit

btw, you need to have at least port 80 and 443 … port 80 is missing …

Cheers,

niftybunny


> On 25. Mar 2020, at 23:28, gerard at bulger.co.uk wrote:
> 
> George
> 
> Thanks
> 
> My exit, still badexit, is  51AE5656C81CD417479253A6363A123A007A2233  
> and I did get an email which I missed, as it is simply failing to 
> exit, Implying my ISP was doing something before they told me.  Seems 
> to be exiting from my local port now.
> 
> 
> 
> 
> 
> -----Original Message-----
> From: tor-relays <tor-relays-bounces at lists.torproject.org> On Behalf 
> Of Georg Koppen
> Sent: 24 March 2020 18:21
> To: tor-relays at lists.torproject.org
> Subject: Re: [tor-relays] BadExit
> 
> Hi!
> 
> gerard at bulger.co.uk:
>> Oh the shame!   Never had that tag on my exit before.
> 
> Sorry to hear. :(
> 
>> 
>> 
>> I assume it was due to a bad boy attacking an IP, pointed out by my 
>> ISP,
> and
>> the ISP put my server "under mitigation".    I assume some filtering,
> which
>> of course would have looked bad to TOR users.
>> 
>> 
>> 
>> I did not spot the ISP's email for 30 minutes, but then I was able to 
>> block the offended IP.  Within minutes of doing that the ISP said 
>> attack stop and my server was removed from mitigation.  However the 
>> next day badexit tag on my exit and remains there
>> 
>> 
>> 
>> How long does the tag last?
> 
> So long as the Directory Authorities assign it.
> 
>> 
>> 
>> I go to my other, overseas exit, a family member, to see the tag is aslo
>> applied there to.    Do family members get tarred with the same brush?
> 
> It depends on the reason for badexiting.
> 
>> 
>> 
>> I have turned both into relays for the time being.
>> 
>> 
>> 
>> 
>> 
>> Or have I got this wrong.   Is it a  DNS thing?  Are no some DNS providers
>> causing issues forcing the tag?   I am not using opendns.
> 
> It could be a DNS thing, I am not sure. I recently pushed a commit 
> that leads to some exits getting that flag. I tried to contact all the 
> relay operators beforehand (some did not have any ContactInfo set) but 
> I got almost no reply back. For details see [1].
> 
> What's the fingerprint of your relay that got the badexit flag?
> 
> Georg
> 
> [1] https://trac.torproject.org/projects/tor/ticket/32864
> 
>> 
>> 
>> Gerry
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list