[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

ExitPolicy abuse

To: or-talk@xxxxxxxx
Subject: ExitPolicy abuse
From: Christopher Heschong <chris@xxxxxxx>
Date: Tue, 8 Feb 2005 20:12:44 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 08 Feb 2005 20:13:48 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Over the last 2 days, my server has been sited twice for "abuse of AUP" by my ISP. The first was a report from SpamCop that prompted them to shut down my access port!

Besides the fact that shutting down someone based on a single report from the notoriously inaccurate SpamCop is silly, I did some investigation. The spam reported was actually posted through Google Groups via their HTTP interface to the Usenet network. This is a possible spam propagation vector you server runners may want to take note of.

Here's one of the messages from google groups:

http://groups-beta.google.com/group/alt.make.money.fast/msg/ c6b998ea193e2fa2?dmode=source

(strangely, it isn't really an advertisement... but definitely not kosher) Google should be able to track the spam itself back to the poster, but that doesn't keep you from getting on Stalinist spam blacklists. (see Ed Felten's experience at http://www.freedom-to-tinker.com/archives/000014.html )

The second notice was from "The National Communications System (NCS), an agency of the US Department of Homeland Security (DHS)" informing my network provider that I had a virus or trojan. The only details they provided was this: "Bots - unknown." Again, this is somewhat ridiculous, but for those who buy space on other peoples networks, it can be a serious concern if they get notes from DHS claiming you're spreading viruses.

All of this has a pretty chilling effect, knowing that anyone with a grudge can report you to SpamCop and without any real validation your network provider will have no problems dropping you (although they did send an e-mail to my backup e-mail address telling me I had 1 hour to "respond" before disconnection). Or worse, that the government can imply that suspicious network activity coming from your server is grounds to have your access yanked.

Unfortunately, I'm not rich enough to own my own network infrastructure these days. Since the first "spam" allegation got me shut down for over 12 hours (mostly due to poor customer service at my network provider) I've had to make the painful (to me) decision to change my ExitPolicy to reject *:* and thought some others here might be interested.

I hope that others running tor servers who have the ability to combat this sort of network muzzling will do so. Exit nodes are where the tor rubber meets the road, imho, and network AUP bullying is totally shameful (please conveniently ignore the fact that I caved at the first sign of problems... :) Anonymous access to network resources is a vital tool for liberty, so those who can push back on this sort of abuse (and by abuse I mean being beaten up with an AUP stick), please push a little harder for us little guys.

--
/chris/

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Follow-Ups:
- RE: ExitPolicy abuse
  - From: Michael Laccetti
- Re: ExitPolicy abuse
  - From: SK

Prev by Author: Re: ExitPolicy abuse
Next by Author: Tor Network response slowing to zero
Previous by thread: bug report
Next by thread: RE: ExitPolicy abuse
Index(es):
- Author
- Thread