Tue Jun 15 00:50:00 UTC 2010

On 06/14/10 18:52, John Brooks wrote:
>> ........ And second, the exit policy of my node does not allow
>> IRC.
>> For me this makes no sense at all.
> From my experience, shadowserver has a habit of being overzealous
> like this. I've never dealt with them in the context of Tor, but I
> had an experience trying to get them to remove a large, legitimate
> IRC network from their blacklists awhile ago (apparently, some
> wireless providers use these blacklists to block traffic by IP). My
> impression is that anything that they consider to be even
> peripherally related to botnet or spam activity gets blacklisted and
> reported, without much further investigation. I was told that they
> removed those servers from their blacklists, but as of now (many
> months later), they are still listed.
> Many ISPs are willing to simply ignore automated and often-incorrect
>  abuse reports like these.

Given that does not allow IRC, this may indeed be a
false alarm. "Details" are necessary to understand what may, or may not
have happened!

Perhaps a gentle offensive would be appropriate in this situation!? e.g.

-  A letter to server4you (cc to shadow) re-emphasing tor's commitment
to legitimate use, and educating them about "automated and
often-incorrect abuse reports!? The objective of this gentle offensive
would be to add server4you to that list of ISPs that ignores
shadowserver alarms.

This begs the question, does anyone have a well-written letter and/or
links to articles documenting honey-pot/shadowserver false positives?
Perhaps a well-constructed letter would be something that could be
maintained at the TOR home page; available to other nodes in similar

(Also, perhaps TOR should additionally start documenting cases of false
positives - it may become very useful when the next political onslaught
against anonymity becomes active.)

