SORBS still sucks (was: Connections to botnet masters)

xiando xiando at xiando.com
Mon Aug 27 21:30:22 UTC 2007


> Some times ago we have a thread about SORBS and many exit nodes were
> listed in this DNSBL with the attribut "trojan hacked". Conclusion of
> the thread was: "They have no glue!"

They still have no clue.

> Google sometimes does not work with several exit nodes and give you the
> message "You may have a virus or malware, please clean your computer!"
> (or something like that).

I use http://www.scroogle.org/ to search Google, regardless of doing so 
through Tor or not. And they don't have this connection limit mikey mouse 
bullshit Google has. It also shows 100 results pr. page by default (so you 
don't have to add num=100 when searching Google, which is their max pr. page) 
and the page layout is way cleaner. I've also e-mailed a bit with mr. Brandt 
(who runs him) and I trust him (which is no reason why you or anyone should, 
but hey, if you use Tor then you don't need to).

> I have changed the exit policity of my node and now it is no longer
> listed in SORBS and works fine with Google. May be, this is not a good
> solution. Any other suggestions?

My personal opinion is that you should simply educate people on how SORBS 
blacklists huge IP-ranges and huge amounts of IPs based on absolutely nothing 
and that 90% of their blacklist is totally innocent IPs. I used SORBS until I 
became aware of this, now I know and now I don't use them - and I always 
mention this if people ask me what blacklists they should/shouldn't use.

Let SORBS blacklist whatever they want. Just document it and tell people about 
it and when enough people know and nobody uses it then it doesn't matter if 
they and their 5 users are blacklisting the whole internet.

--xiando(tm).



More information about the tor-talk mailing list