[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: ExitPolicy abuse

Strangely I had exactly the same two reports against my Tor server

1- 2005-01-26 19:35:04 unknown, bots
2 - Google Groups posting via their HTTP interface (eg. on Sun, 6 Feb
2005 11:43:32 +0000 (UTC))

After the 1st incident was reported to me, I changed the exit policy
to block IRC because I reasoned that the bot could be an IRC based on.
Changing the exit policy to allow only 80, 443 and 22 I thought I will
be fine, until the second report came in.

SURFNet which owns the network that my Univ uses (Tor runs on my Univ
machine) is well know to react pretty hard to abuse reports. "Thanks"
to their forwarding of the report to Univ's CERT, I had to shutdown my
Tor server (rather abruptly) on Sunday.

As of now, I am deciding whether to restart the server with a reject
*:* or not to run any server at all, since I do not know how much of a
benefit anyone will have with a Tor server with such a strict exit
policy :(

Any suggestions?


On Tue, 8 Feb 2005 20:12:44 -0500, Christopher Heschong <chris@xxxxxxx> wrote:
> Besides the fact that shutting down someone based on a single report
> from the notoriously inaccurate SpamCop is silly, I did some
> investigation.  The spam reported was actually posted through Google
> Groups via their HTTP interface to the Usenet network.  This is a
> possible spam propagation vector you server runners may want to take
> note of.
> Here's one of the messages from google groups:
> http://groups-beta.google.com/group/alt.make.money.fast/msg/
> c6b998ea193e2fa2?dmode=source


> Unfortunately, I'm not rich enough to own my own network infrastructure
> these days.  Since the first "spam" allegation got me shut down for
> over 12 hours (mostly due to poor customer service at my network
> provider) I've had to make the painful (to me) decision to change my
> ExitPolicy to reject *:* and thought some others here might be
> interested.
> I hope that others running tor servers who have the ability to combat
> this sort of network muzzling will do so.  Exit nodes are where the tor
> rubber meets the road, imho, and network AUP bullying is totally
> shameful (please conveniently ignore the fact that I caved at the first
> sign of problems... :)  Anonymous access to network resources is a
> vital tool for liberty, so those who can push back on this sort of
> abuse (and by abuse I mean being beaten up with an AUP stick), please
> push a little harder for us little guys.