Tor nodes blocked by e-gold

Tony Tony at tdrmail.co.uk
Fri Apr 27 18:56:35 UTC 2007


It has changed since SORBS blacklisted my TOR node then. It said it was
Trojan infected or a zombie host at the time. I was told that this was
triggered by just connecting to certain IRC networks.

Maybe they have finally fixed their system.


Regards,

Tony.

-----Original Message-----
From: owner-or-talk at freehaven.net [mailto:owner-or-talk at freehaven.net]
On Behalf Of Michael Holstein
Sent: 27 April 2007 19:47
To: or-talk at freehaven.net
Subject: Re: Tor nodes blocked by e-gold

> SORBS marks TOR servers as zombie spammers I believe.

Um, in the interest of settling this argument :

grep router cached-routers |grep -v signature |awk -F " " '{print "host 
"$3".dnsbl.sorbs.net"}' |sh

(most return NXDOMAIN, meaning not listed by SORBS). The ones that do, 
return the database in which they're listed as the last octet.

	  http.dnsbl.sorbs.net    127.0.0.2
	 socks.dnsbl.sorbs.net    127.0.0.3
	  misc.dnsbl.sorbs.net    127.0.0.4
	  smtp.dnsbl.sorbs.net    127.0.0.5
       new.spam.dnsbl.sorbs.net    127.0.0.6
    recent.spam.dnsbl.sorbs.net    127.0.0.6
       old.spam.dnsbl.sorbs.net    127.0.0.6
	  spam.dnsbl.sorbs.net    127.0.0.6
    escalations.dnsbl.sorbs.net    127.0.0.6
	   web.dnsbl.sorbs.net    127.0.0.7
	 block.dnsbl.sorbs.net    127.0.0.8
	zombie.dnsbl.sorbs.net    127.0.0.9
	   dul.dnsbl.sorbs.net    127.0.0.10
        badconf.rhsbl.sorbs.net    127.0.0.11
	nomail.rhsbl.sorbs.net    127.0.0.12

Of the 887 IPs I have in my cached-routers file, 709 return NXDOMAIN. 
The others :

0	http.dnsbl.sorbs.net
0	socks.dnsbl.sorbs.net
0	misc.dnsbl.sorbs.net
0	smtp.dnsbl.sorbs.net
2	*.spam.dnsbl.sorbs.net
0	web.dnsbl.sorbs.net
0	block.dnsbl.sorbs.net
0	zombie.dnsbl.sorbs.net
46	dul.dnsbl.sorbs.net
0	badconf.rhsbl.sorbs.net
0	nomail.rhsbl.sorbs.net

So, according to SORBS, they're blacklisted because they're in dynamic 
IP ranges

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University



More information about the tor-talk mailing list