
Re: [tor-talk] Blocking Shadowserver honeypots



Hi Alexander. Thanks for running a relay!

> If yes, I wanted to ask if anybody knows a way to check every outgoing TCP
> connection for connecting to *.sinkhole.shadowserver.org and dropping it
> if needed.

I haven't seen any complaints about this with Amunet. The exit policy
doesn't accept hostnames (nor wildcards in them) so your best bet is
probably to just reject connections to their current honeypots and add
more if you keep getting complaints. Here's what robtex reports for
the sinkhole subdomains:
74-208-15-160.sinkhole.shadowserver.org
74-208-15-97.sinkhole.shadowserver.org
74-208-164-166.sinkhole.shadowserver.org
74-208-164-167.sinkhole.shadowserver.org
74-208-64-145.sinkhole.shadowserver.org
74-208-64-191.sinkhole.shadowserver.org
87-106-24-200.sinkhole.shadowserver.org
87-106-250-34.sinkhole.shadowserver.org

so ExitPolicy reject 74.208.15.160, reject 74.208.15.97, reject
74.208.164.166... etc

Cheers! -Damian

PS. We also have a tor-relays list you might find a bit more helpful
for this sort of question:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays/
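
An added example, not part of the original message: a small script that turns the sinkhole hostnames listed above into torrc `ExitPolicy reject` lines. It assumes the first DNS label encodes the IPv4 address with dashes, which is how the message derives its addresses; the function names are made up for this example.

```python
import ipaddress
import re

# Hostnames exactly as listed in the message above.
SINKHOLE_HOSTS = """\
74-208-15-160.sinkhole.shadowserver.org
74-208-15-97.sinkhole.shadowserver.org
74-208-164-166.sinkhole.shadowserver.org
74-208-164-167.sinkhole.shadowserver.org
74-208-64-145.sinkhole.shadowserver.org
74-208-64-191.sinkhole.shadowserver.org
87-106-24-200.sinkhole.shadowserver.org
87-106-250-34.sinkhole.shadowserver.org
""".split()

SUFFIX = ".sinkhole.shadowserver.org"
# Assumption: the leading label is "a-b-c-d" for the address a.b.c.d.
LABEL = re.compile(r"^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})$")


def host_to_ip(hostname):
    """Return the IPv4Address encoded in a sinkhole hostname, or None."""
    name = hostname.strip().rstrip(".").lower()
    if not name.endswith(SUFFIX):
        return None  # not a sinkhole subdomain
    match = LABEL.match(name[: -len(SUFFIX)])
    if not match:
        return None  # label is not four dash-separated numbers
    try:
        return ipaddress.IPv4Address(".".join(match.groups()))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255


def exit_policy_lines(hostnames):
    """Build de-duplicated, numerically sorted torrc reject lines."""
    ips = sorted({ip for ip in map(host_to_ip, hostnames) if ip is not None})
    return [f"ExitPolicy reject {ip}:*" for ip in ips]


if __name__ == "__main__":
    print("\n".join(exit_policy_lines(SINKHOLE_HOSTS)))
```

Tor evaluates exit policy rules first to last and the first match wins, so these lines belong above any broader accept rules in torrc.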