[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] abuse reports from shadowserver.org



Hey Mike,

thank you for your support.

On Sat, Mar 19, 2011 at 06:16:45PM -0700, Mike Perry wrote:
> It is quite possible that lunatics like these will just make up abuse
> reports and send them to ISPs that look like they might cave. It is
> very interesting that our higher bandwidth exits that *do* exit to IRC
> are not hearing from them right now.

I still don't understand why they report an IRC bot if the target port
is port 80.
 
> What is their network topology like? Do they cycle through their
> honeypots?

I don't know. How could we find out?

> iptables is especially bad if you have the situation where what was
> once a honeypot one week turns into a legitimate server the next.
> OTOH, exit policy is bad if you end up with a ton of entries in it... 

Yes, I agree. Up to now it's only the 8 IPs that Damian obtained from
robtex. I block them both via exit policy and iptables (just to be
sure...)
 
> This may be an issue. If the zealots believe that they can intimidate
> your ISP to knock you offline, they may keep sending nonsense reports
> to do so, declaring victory that one more tor node bites the dust...
> Not sure what to tell you about this. If they succeed, perhaps it's
> just new ISP time? 

I think, the larger problem then is that "one more ISP bites the dust".

Let's see what happens.

regards

Alex

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays