Hello,
It's worth noting that these abuse reports are not a Hetzner issue. They, just like all major operators, have a legitimate reason to keep monitoring their network. This is also not just about all Tor operators. These abuse reports are issued as a result of the operation of a single Tor operator.
All the abuse reports I receive (and frequently) are for 64.65.62.0/24 and less frequently from 64.65.1.0/24 and 96.9.98.0/24, all of which are served and operated by a single Tor operator.
If out of over 9400 Tor relays in operation, only the ones operated by a single operator cause these reports, it is safe to assume it's not necessarily Tor related but operator related. There are major operators operating a great number of IP addresses and I can safely say I have never received an abuse report regarding any of those.
My guess is that each of these blocks of IPs is served on a single server. Each time the server is rebooted the network loses a whole block of Tor relays -- and not so gracefully -- and due to the number of those servers, each operator that's connected to those IP addresses keeps sending packets to port 443 (ORPort) in an attempt to discover what happened and try to reconnect. Those multiple attempts on the whole block of IP addresses justifiably are flagged as port scans of a whole block. Perhaps shutting down each relay individually and gracefully before a reboot could allow the network to adjust to the loss gradually?
The most recent abuse report I received was for 64.65.62.0/24 about 3 days ago, and looking at those relays you can tell the server was rebooted at that time. Unfortunately, because I was away and didn't have time to respond to the report, one of my IP addresses was blocked and my relay became inoperable. It is now unblocked (took about a few minutes to get it unblocked) and all is well, but this whole thing is becoming quite annoying and I can't blame Hetzner for that and I can certainly not ask them to change their whole security practice pretending that this is a Tor issue when it's something that's caused by a single operator.
As for how to deal with it, simply click on the retest link in the abuse report. The ticket will be closed and they'll ask for a statement from you and you can copy and paste the same response over and over again and you'll be fine.
Cheers
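Added example, not part of either message in this thread: the reply above guesses that reconnect attempts to a whole block of relays on port 443 get flagged as a port scan, and this Python code shows how such a heuristic would see that traffic by counting distinct destination hosts per /24 and port inside a time window. The log format, the thresholds and the documentation-range addresses are constructed assumptions, not Hetzner's detection rules or report format.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not a real report): "timestamp src dst dst_port".
# 198.51.100.0/24 stands in for a block of relays that went down together;
# 192.0.2.10 stands in for a relay retrying its connections to them.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 198.51.100.11 443
2024-01-01T10:00:05 192.0.2.10 198.51.100.12 443
2024-01-01T10:00:09 192.0.2.10 198.51.100.13 443
2024-01-01T10:00:20 192.0.2.10 198.51.100.11 443
2024-01-01T10:00:31 192.0.2.10 198.51.100.14 443
2024-01-01T10:00:40 192.0.2.10 198.51.100.15 443
2024-01-01T10:01:02 192.0.2.10 198.51.100.16 443
2024-01-01T10:01:30 192.0.2.10 203.0.113.7 443
2024-01-01T10:02:00 192.0.2.10 203.0.113.9 9001
"""

def flag_scan_like(log_text, min_hosts=5, window=timedelta(minutes=5), prefix_len=24):
    """Return {(network, port): max distinct hosts seen inside one window}
    for every group that reaches min_hosts (assumed thresholds)."""
    attempts = defaultdict(list)  # (network, port) -> [(time, dst_ip)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, _src, dst, port = parts
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        attempts[(str(net), int(port))].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for key, events in attempts.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({ip for _, ip in events[start:end + 1]}))
        if best >= min_hosts:
            flagged[key] = best
    return flagged

if __name__ == "__main__":
    for (net, port), hosts in flag_scan_like(SAMPLE_LOG).items():
        print(f"{net} port {port}: {hosts} distinct hosts in one window")
```

Retries to the same address do not raise the count; only the number of different hosts inside one prefix does, which is why losing a whole block at once stands out.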
Good evening,
Apologies as this is likely the incorrect way to do things. I'm not fantastic with mailing lists. I saw on the Tor forum that some people were getting these netscan emails from Hetzner.
I got my first a few months ago and I just got my second one about an hour ago. Both times it was to the 1st amendment group IP addresses. Last time I just clicked their check button and it passed and then I gave reasoning in the next link. For some reason it doesn't seem to be liking when I click the first link this time and keeps saying not solved. I don't know what my best course of action is. I've gotten 2 reports for Hetzner for a guard and 0 for netcup for an exit relay :( I saw in the forum post (which is to a clone of the mailing list) about temporarily blocking Tor but that feels a bit deceptive so I don't really want to go down that route. The best thing, though it may be a long process as there may be a potential harm to how circuits are built negatively affecting user anonymity, is for the Tor program to operate in a manner so that it doesn't look like a netscan to some sensitive providers like Hetzner, even though we know it isn't a netscan anyway.
If this issue keeps coming up with Hetzner I may look at not hosting a Tor relay with them, because I have a lot of stuff on this server like my personal website and project mirrors and such and don't want those to be negatively affected due to an unjust IP ban by Hetzner for running a Tor relay.
Any advice?
Kind regards,
Diyar Ciftci
_______________________________________________ tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx