[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Traffic shaping on exit nodes (appeasing automated network monitoring systems)



I had a less-than-amusing conversation with my ISP this week about how
my Tor exit node was performing "network scans".  As far as I can tell,
their definition of "network scan" comprises anything from "knocking on
the same port on every machine in a /8" to "creating lots of legitimate
connections to the same port in a /8".

Obviously, their network monitoring system is too trigger-happy, but
there is nothing I can do about that.

Do other relay operators have traffic-shaping solutions that make
legitimate (and not-so-legitimate) Tor traffic look less like network
abuse?

I've reconfigured my exit to be a non-exit for the time being.  I'm more
than happy to be an exit (and field genuine abuse complaints), but I'd
prefer not to trigger automated network abuse monitoring systems (too
often).

Any tips?

My node is running FreeBSD with ipfw and dummynet, if someone happens to
have ready to copy/paste settings. ;-)

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays