[tor-relays] Re: Hetzner Netscan False Positives
- To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
- Subject: [tor-relays] Re: Hetzner Netscan False Positives
- From: Ralph Seichter via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 04 Jan 2026 08:21:26 +0100
- In-reply-to: <zmUlTwDb4ImWanVgY0Qeqk9sNmb-U7RRvokmYi2XmazdynRluJ1ZEMWKGOfi8m5lV2u7Vkog9hnOm8OCKggHJ50U7DI3TUINTcLqaQhTBzo=@1aeo.com>
- List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
- References: <08b6d180-b921-49e4-9832-d26d8258c279@appliedprivacy.net> <ca17b048-c98a-4979-6aa3-2e279b2693a2@wcbsecurity.com> <mxJ6V2LD8XBHn4A7-vGsluo4e07COEwbslqSlfo22vTdLEnaVEBQqVo-2nTOM-iu-fnaTj_OxfYiZ9dxT8sgBUpbUrI7ndfhBPqgCl-_k0E=@protonmail.com> <91f2b040-1a63-4f58-b4db-9691e1f6acc4@bruzzzla.de> <zmUlTwDb4ImWanVgY0Qeqk9sNmb-U7RRvokmYi2XmazdynRluJ1ZEMWKGOfi8m5lV2u7Vkog9hnOm8OCKggHJ50U7DI3TUINTcLqaQhTBzo=@1aeo.com>
- Reply-to: Ralph Seichter <ralph@xxxxxxxxxxxxxx>

* Tor at 1AEO via tor-relays:

> A few clarifications, grounded in Tor Project guidance: [...]
>
> - Tor’s community resources note that relay operators should “try to
> avoid the following hosters,” listing Hetzner, based on documented
> operational friction reported by relay operators
> https://community.torproject.org/relay/community-resources/good-bad-isps/

That's misleading at best. The reason Hetzner is named as one of a few
ISPs to possibly avoid, and which you chose not to quote, is this:

    For network diversity and stronger anonymity, you should avoid
    providers and countries that already attract a lot of Tor capacity.
    [...] These hosts already have many Tor nodes being hosted there.

I have hosted Tor relays on Hetzner for many years, am still doing so
now, and I did not experience "operational friction". On the contrary.
Hetzner are in fact Tor-friendly. Even their legal department told me
that running Tor nodes is fine as long as they don't negatively impact
Hetzner's infrastructure.

The main problem is that >100 IPv4 addresses in *your* single /24 network
have been unreachable several times during 2025. Hetzner's automated
tools interpret connection attempts to so many hosts in a /24 in a short
timeframe (originating from a given Hetzner based Tor node) as a possible
network scan, which is fair enough. That's just erring on the side of
caution, and they are notifying their own customers of a non-standard
traffic pattern.

I am positive that if you split your nodes across a more varied IPv4
address space, false alerts could be mitigated. I do appreciate what you
do for the Tor network, but please don't attempt to throw shade on
Hetzner. They are simply trying to run a responsible hosting business.
-Ralph
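
Added example, not part of the original message and not Hetzner's actual tooling: a sliding-window heuristic of the kind the message describes, counting distinct hosts contacted per destination /24 from one source. The 60-second window, the 100-host limit, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values for illustration; the provider's real thresholds are not
# given in the message.
WINDOW_SECONDS = 60
MAX_DISTINCT_HOSTS = 100

def find_netscan_alerts(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_HOSTS):
    """Flag (source, destination /24) pairs that look like a scan.

    flows: (timestamp_seconds, src_ipv4, dst_ipv4) tuples sorted by timestamp.
    A pair is flagged when the source contacts more than `limit` distinct
    hosts of one /24 within any `window`-second span.
    """
    recent = defaultdict(deque)                     # key -> (ts, dst) in window
    active = defaultdict(lambda: defaultdict(int))  # key -> dst -> hits in window
    alerts = set()
    for ts, src, dst in flows:
        net = ipaddress.ip_network(f"{dst}/24", strict=False)
        key = (src, str(net))
        queue, hits = recent[key], active[key]
        queue.append((ts, dst))
        hits[dst] += 1
        # Drop connections that have aged out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old = queue.popleft()
            hits[old] -= 1
            if hits[old] == 0:
                del hits[old]
        if len(hits) > limit:
            alerts.add(key)
    return sorted(alerts)

def constructed_flows(src, destinations, step):
    """Build sample flow records, one new connection every `step` seconds."""
    return [(i * step, src, dst) for i, dst in enumerate(destinations)]

RELAY = "192.0.2.10"  # constructed source address (documentation range)
ONE_SLASH_24 = [f"198.51.100.{i}" for i in range(1, 121)]  # 120 hosts, one /24
MANY_SLASH_24 = [f"198.18.{i}.7" for i in range(120)]      # 120 hosts, 120 /24s

if __name__ == "__main__":
    print(find_netscan_alerts(constructed_flows(RELAY, ONE_SLASH_24, 0.3)))
    print(find_netscan_alerts(constructed_flows(RELAY, MANY_SLASH_24, 0.3)))
    print(find_netscan_alerts(constructed_flows(RELAY, ONE_SLASH_24, 5)))
```

Only the first case, many hosts of a single /24 contacted in quick succession, is flagged; the same number of destinations spread over many /24s, or contacted slowly, stays under the limit.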