Tor relay shutted down by ISP

Ringo Kamens 2600denver at gmail.com
Wed Feb 20 16:34:40 UTC 2008 

Thanks for keeping us updated. If you ever need money for legal fees, a
support campaign, or anything like that: let me know. I can round up a lot
of assistance through BinaryFreedom and the Anarchist Black Cross.
Comrade Ringo Kamens
Armed Division, 35th Parallel

On Feb 20, 2008 11:22 AM, Tom Hek <tomtorexitnode at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello fellow Tor relay admins,
>
> I run several Tor relays on residential DSL connections. This morning my
> dad called me, telling me that my ISP had disconnected us from the
> Internet because of a Trojan running on my systems (I wasn't at home at
> that moment ;)). They had received a abuse complainant that one of my
> boxes on this DSL connection was on a botnet.
>
> I checked the timestamp of the log they sended to me with the uptime of
> the computers. Only the computer that was running a Tor node was online.
> It was pretty obvious that the botnet connections were coming from this
> box. The box was clean, had no rootkits installed or other malicious
> software, so it was Tor, relaying a connection for a bot.
>
> My ISP didn't knew what Tor was and asked if "that Tor" logged the
> connections that were running through it. I told them Tor was an
> anonymity system so it doesn't keep any logs of the traffic that's going
> through it. They were confused, they told me that every decent Tor relay
> keeps a log of the connections running through it.
>
> I'm living in The Netherlands, running this Tor node on the ISP XS4ALL.
> XS4ALL is one of the ISP's with the most knowledge of the internet and
> the things happening on the internet. I'm pretty shocked that they
> didn't knew about Tor. I want to alert all the Tor relay admins that are
> running Tor nodes on a connection from XS4ALL to be prepared to get
> disconnected, because they think there is a trojan or rootkit running on
> your system..
>
> XS4ALL restored the DSL line but I had to promise that it wouldn't
> happen again..
>
> Tom Hek
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAke8U7wACgkQStmJ9+mkUHNdigCdGxiIcOqMjD2jThp03KmlVP8x
> s0YAnRRECJrxX/XiGIrg/fJpiadsYYKQ
> =n7vE
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080220/ba84b4c7/attachment.htm>

More information about the tor-talk mailing list