
Re: ExitPolicy abuse



FYI: I also had the google groups abuse report for my server...

SK wrote:

Strangely I had exactly the same two reports against my Tor server

1- 2005-01-26 19:35:04 unknown, bots
2 - Google Groups posting via their HTTP interface (eg. on Sun, 6 Feb
2005 11:43:32 +0000 (UTC))

After the 1st incident was reported to me, I changed the exit policy
to block IRC because I reasoned that the bot could be an IRC-based one.
Changing the exit policy to allow only 80, 443 and 22, I thought I would
be fine, until the second report came in.

SURFNet, which owns the network that my Univ uses (Tor runs on my Univ
machine), is well known to react pretty hard to abuse reports. "Thanks"
to their forwarding of the report to Univ's CERT, I had to shut down my
Tor server (rather abruptly) on Sunday.

As of now, I am deciding whether to restart the server with a reject
*:* or not to run any server at all, since I do not know how much of a
benefit anyone will have with a Tor server with such a strict exit
policy :(

Any suggestions?

SK

On Tue, 8 Feb 2005 20:12:44 -0500, Christopher Heschong <chris@xxxxxxx> wrote:


Besides the fact that shutting down someone based on a single report
from the notoriously inaccurate SpamCop is silly, I did some
investigation.  The spam reported was actually posted through Google
Groups via their HTTP interface to the Usenet network.  This is a
possible spam propagation vector you server runners may want to take
note of.

Here's one of the messages from google groups:

http://groups-beta.google.com/group/alt.make.money.fast/msg/c6b998ea193e2fa2?dmode=source




(..........)



Unfortunately, I'm not rich enough to own my own network infrastructure
these days.  Since the first "spam" allegation got me shut down for
over 12 hours (mostly due to poor customer service at my network
provider) I've had to make the painful (to me) decision to change my
ExitPolicy to reject *:* and thought some others here might be
interested.

I hope that others running tor servers who have the ability to combat
this sort of network muzzling will do so. Exit nodes are where the tor
rubber meets the road, imho, and network AUP bullying is totally
shameful (please conveniently ignore the fact that I caved at the first
sign of problems... :) Anonymous access to network resources is a
vital tool for liberty, so those who can push back on this sort of
abuse (and by abuse I mean being beaten up with an AUP stick), please
push a little harder for us little guys.

