ExitPolicy abuse

Christopher Heschong chris at wiw.org
Wed Feb 9 01:12:44 UTC 2005


Over the last 2 days, my server has been cited twice for "abuse of AUP"  
by my ISP.  The first was a report from SpamCop that prompted them to  
shut down my access port!

Besides the fact that shutting down someone based on a single report  
from the notoriously inaccurate SpamCop is silly, I did some  
investigation.  The spam reported was actually posted through Google  
Groups via their HTTP interface to the Usenet network.  This is a  
possible spam propagation vector you server runners may want to take  
note of.

Here's one of the messages from google groups:

http://groups-beta.google.com/group/alt.make.money.fast/msg/c6b998ea193e2fa2?dmode=source

(strangely, it isn't really an advertisement... but definitely not  
kosher)  Google should be able to track the spam itself back to the  
poster, but that doesn't keep you from getting on Stalinist spam  
blacklists.  (see Ed Felten's experience at  
http://www.freedom-to-tinker.com/archives/000014.html )

The second notice was from "The National Communications System (NCS),  
an agency of the US Department of Homeland Security (DHS)" informing my  
network provider that I had a virus or trojan.  The only details they  
provided were this: "Bots - unknown."  Again, this is somewhat  
ridiculous, but for those who buy space on other people's networks, it  
can be a serious concern if they get notes from DHS claiming you're  
spreading viruses.

All of this has a pretty chilling effect, knowing that anyone with a  
grudge can report you to SpamCop and without any real validation your  
network provider will have no problems dropping you (although they did  
send an e-mail to my backup e-mail address telling me I had 1 hour to  
"respond" before disconnection).  Or worse, that the government can  
imply that suspicious network activity coming from your server is  
grounds to have your access yanked.

Unfortunately, I'm not rich enough to own my own network infrastructure  
these days.  Since the first "spam" allegation got me shut down for  
over 12 hours (mostly due to poor customer service at my network  
provider) I've had to make the painful (to me) decision to change my  
ExitPolicy to reject *:* and thought some others here might be  
interested.

I hope that others running tor servers who have the ability to combat  
this sort of network muzzling will do so.  Exit nodes are where the tor  
rubber meets the road, imho, and network AUP bullying is totally  
shameful (please conveniently ignore the fact that I caved at the first  
sign of problems... :)  Anonymous access to network resources is a  
vital tool for liberty, so those who can push back on this sort of  
abuse (and by abuse I mean being beaten up with an AUP stick), please  
push a little harder for us little guys.

--
/chris/