[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: shadowserver.org

To: or-talk@xxxxxxxx
Subject: Re: shadowserver.org
From: 7v5w7go9ub0o <7v5w7go9ub0o@xxxxxxxxx>
Date: Mon, 14 Jun 2010 20:50:00 -0400
Cc: or-talk@xxxxxxxxxxxxx
Connect(): No such file or directory
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 14 Jun 2010 20:52:00 -0400
In-reply-to: <AANLkTikIT9t0Atey4at6TxgnkZ5RRpx4yRv8vX44lrwW@xxxxxxxxxxxxxx>
References: <20100614140232.GA22863@xxxxxxxxxxxx> <hv67e8$6oo$1@xxxxxxxxxxxxxxx> <20100614222720.GC10598@xxxxxxxxxxxx> <AANLkTikIT9t0Atey4at6TxgnkZ5RRpx4yRv8vX44lrwW@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 06/14/10 18:52, John Brooks wrote:
[]
>> ........ And second, the exit policy of my node does not allow
>> IRC.
>>
>> For me this makes no sense at all.
>>
>
> From my experience, shadowserver has a habit of being overzealous
> like this. I've never dealt with them in the context of Tor, but I
> had an experience trying to get them to remove a large, legitimate
> IRC network from their blacklists awhile ago (apparently, some
> wireless providers use these blacklists to block traffic by IP). My
> impression is that anything that they consider to be even
> peripherally related to botnet or spam activity gets blacklisted and
> reported, without much further investigation. I was told that they
> removed those servers from their blacklists, but as of now (many
> months later), they are still listed.
>
> Many ISPs are willing to simply ignore automated and often-incorrect
>  abuse reports like these.

Given that tor-readme.spamt.net does not allow IRC, this may indeed be a
false alarm. "Details" are necessary to understand what may, or may not
have happened!

Perhaps a gentle offensive would be appropriate in this situation!? e.g.

-  A letter to server4you (cc to shadow) re-emphasing tor's commitment
to legitimate use, and educating them about "automated and
often-incorrect abuse reports!? The objective of this gentle offensive
would be to add server4you to that list of ISPs that ignores
shadowserver alarms.

This begs the question, does anyone have a well-written letter and/or
links to articles documenting honey-pot/shadowserver false positives?
Perhaps a well-constructed letter would be something that could be
maintained at the TOR home page; available to other nodes in similar
situations!?

(Also, perhaps TOR should additionally start documenting cases of false
positives - it may become very useful when the next political onslaught
against anonymity becomes active.)

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- shadowserver.org
  - From: alex-tor
- Re: shadowserver.org
  - From: 7v5w7go9ub0o
- Re: shadowserver.org
  - From: alex-tor
- Re: shadowserver.org
  - From: John Brooks

Prev by Author: Re: shadowserver.org
Next by Author: Sending CREATE and CREATED cells
Previous by thread: Re: shadowserver.org
Next by thread: Re: shadowserver.org
Index(es):
- Author
- Thread