[tor-talk] Warning: ISP resurrected old tor node

Roger Dingledine arma at mit.edu
Fri Aug 17 07:40:50 UTC 2012


On Thu, Aug 16, 2012 at 09:18:50PM -1000, Name Withheld wrote:
> I notice some of the tor directories are showing my old server as
> being online and routing traffic.  That server:
> 
> *Router Name:* 	00routin0packets
> *Fingerprint:* 	DD03 46F6 56DA 5F0E C9F6 5D7B FE56 38DA F3FB 2F6B
> 
> 
> IP: 95.211.153.115
> 
> I lost control of that server over a month ago when the ISP
> (Seedmonster) forced me offline for forum spam abuse complaints from
> the tor traffic.  I initially thought this was just some kind of
> weird statistics-ghost, but it looks like it really is still routing
> traffic.

Agreed, it does appear to be.

>  The tor config the server is using still has me listed as
> the administrative contact (even though I can't log in and it was
> previously offline), so it's clear that it's my old VPS at that ISP.

Fun.

> Now, I don't know for certain that this is in any way nefarious --
> maybe the host accidentally reactivated the VM it was running on or
> something (I had everything configured to autostart on boot).
> However, I've never heard of an ISP giving out "free" service like
> this, so I wanted to put out a notice that this server isn't being
> controlled by a tor operator, so it could plausibly be up to no
> good.

Thanks. I say we let it run for a while and see what happens. Tor's
"distributed trust" design means that no single server can do too
much damage to anonymity. (They could perhaps be trying to watch the
exit traffic, but if they wanted to do that, why not just let you keep
running it?)

> It just seems a little weird that they would restart the server of a
> customer they kicked out and let it keep running for over a week
> without noticing.

Sounds to me like you're describing a growing ISP.

> On the up side, hey, free bandwidth for the swarm.

Yes indeed.

--Roger



More information about the tor-talk mailing list