[tor-talk] Don't use sectoor

obx obx at riseup.net
Wed Sep 17 14:34:42 UTC 2014


Thanks for your nice reply.

I've removed the offending port and it got accepted in the consensus
about 12h ago. Can you provide some information how long it takes until
the network isn't listed anymore?

Thanks in advance.

On Wed, Sep 17, 2014 at 08:49:05AM +0200, Sven Michels wrote:
> Hi there,
> 
> just in case, since I'm not subscribed to tor-talk, maybe you can forward the
> mail to the list if it doesn't appear there somehow else?
> 
> To clarify a few things (we often have to clarify, which means that the
> information on our info page is not as clear as we think), let me explain
> a bit about the listing and the ports.
> 
> First of all: the listing of the "whole class c" is done to raise awareness
> in case someone comes from a network hosting a tor node. This was established
> in the early beginning of the list due to the fact that some nodes have
> more than one exit IP address, or randomized their exit address somehow to
> add more privacy. Since the list was mainly used by irc networks and using
> "BOPM", we added this feature on request, because it was useful. Using BOPM
> it's easy to differentiate between "subtypes" of listing. If someone is familiar
> with DNSBLs, they might know that the DNS record may contain different IPs
> to distinguish between different types of listing within the same DNSBL.
> 
> That's what we used to allow people to raise an alarm or add some "points" to
> a scoring system in case someone connects from a tor hosting network. So in
> case we detect a working node on an IP, we add the IP itself to the DNSBL
> using 127.0.0.1 as record AND additionally the network hosting the node with
> 127.0.0.2 as record. We also told everyone that the second part is *NOT*
> useful for blocking people somehow. If someone does so, it's their choice. We
> just provide the information.
> 
> But it always seemed that people just put our list into some software as a
> "fire and forget" thing. We contacted a few hundred admins in the last years
> about this issue and all of them were like "oh, I didn't know that this type
> of possibility even exists."
> 
> OK, there was one other issue, which popped up a lot of times: some people on
> IRC don't use BOPM, instead they use opsb from neostats. This piece of software
> doesn't support reply types at all. So we contacted them and they told us it would
> be too hard to implement (oh really). So we provided another list, called
> exitnodes.tor.dnsbl.sectoor.de
> which *only* contains the nodes themselves, no network listing. They nearly immediately
> checked this in to their CVS (long long ago), because they provide the list as
> default. Sadly, from what I know, it has now been about 8 years since they
> "added" this information to their code but never published it. So we also
> told a lot of IRC admins to change their opsb config, with success.
> 
> So the answer for the guessing is that there are ways to use more than one
> exit IP address, which might not be publicly known (unless you use the node
> and find it by yourself). And we offer this information to allow people to
> take a deeper look in case someone connects from such an IP.
> 
> Next was on your other mail, you found the port annoying:
> Also from a couple of years back, we asked all our users to tell us their
> default settings for offering services. Freenode for example was (or is?) one of
> our users. And they offered irc services on ports 8000-8004. So this is the reason
> why we added this port range to our listing reasons.
> 
> We also publish all this information to help people get removed from the list or
> avoid being listed. Also this list has now been around for more than 8 years,
> used by many irc networks and even other services (there is also a version for
> web related ports) and at least the admins are happy with it.
> 
> I understand that, in the first place, you might get upset if you get blocked or
> listed somewhere without knowing about it. But that's why we created the webpage.
> 
> If the page is not clear enough, we're open for suggestions. We're also happy
> to extend or change the list, as long as the main version works like it was
> designed about 9-10 years ago (due to the fact that many people are using it and
> even developers didn't push our change to their code within 8 years).
> 
> So, hopefully, this issue is a bit more clear now.
> 
> If you have more issues, questions, whatever, feel free to ask.
> 
> Best regards,
> Sven Michels
> 
> On 16.09.2014 at 22:55, obx wrote:
> >Dear tor-talk, Dear sectoor,
> >
> >I'm running a tor-exit at a small provider. Another customer at the same
> >provider complained they got blacklisted by sectoor for operating a
> >tor-exit. This customer doesn't run a tor server and didn't run a tor
> >server in the past.
> >
> >Hence, they got blacklisted as tor-exit.
> >
> >I did some lookups and it looks like you banned the whole class C.
> >
> >Why?
> >
> >There's no need to "guess" since the list of tor exits is public
> >information.
> >
> >Please understand that this level of irresponsible management on your
> >site, sectoor, can destroy the reputation of smaller providers.
> >
> >I expect you fix this instantly.
> >
> 
> -- 
> sectoor GmbH - Sven Michels       <*>    eMail: smichels(at)sectoor.de
> Geschaeftsfuehrer: Sven Michels   <*>    Web  :  http://www.sectoor.de
> Huehnerweg 18                     <*>    Tel  :    +49 (0)69 9637 6000
> D - 60599 Frankfurt am Main       <*>    Fax  :    +49 (0)69 9637 6006
> Amtsgericht Frankfurt / HRB 57106 <*>   St.Nr.:          045 243 23058
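
The return-code scheme described in the quoted mail (127.0.0.1 for the node's own IP, 127.0.0.2 for the network hosting it), as an added example that is not part of the original thread and not sectoor's or BOPM's code: a DNSBL consumer that maps each code to a different action instead of blocking on any hit. The zone name `dnsbl.example`, the sample records and the action labels are constructed for illustration.

```python
import ipaddress
import socket

# Return codes as described in the quoted mail: 127.0.0.1 marks the node's own
# IP, 127.0.0.2 marks the network hosting a node (informational only).
NODE, NETWORK = "127.0.0.1", "127.0.0.2"


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return all A records for name, or an empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.gaierror, socket.herror):
        return set()


def classify(ip, zone, resolve=system_resolver):
    """Map DNSBL answers to an action instead of treating any hit as a block."""
    answers = resolve(dnsbl_name(ip, zone))
    if NODE in answers:
        return "exit-node"        # the IP itself was seen as a working node
    if NETWORK in answers:
        return "hosting-network"  # neighbour of a node: score or log, do not block
    if answers:
        return "unknown-code"     # unexpected record: do not act on it blindly
    return "not-listed"


# Constructed sample data (documentation address ranges, placeholder zone).
ZONE = "dnsbl.example"
SAMPLE = {
    "10.2.0.192.dnsbl.example": {NODE, NETWORK},
    "77.2.0.192.dnsbl.example": {NETWORK},
}


def fake_resolver(name):
    """Offline stand-in for DNS so the example runs without network access."""
    return SAMPLE.get(name, set())


if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.77", "198.51.100.5"):
        print(addr, classify(addr, ZONE, fake_resolver))
```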

