
Tor relay shut down by ISP


Hello fellow Tor relay admins,

I run several Tor relays on residential DSL connections. This morning my
dad called me, telling me that my ISP had disconnected us from the
Internet because of a Trojan running on my systems (I wasn't at home at
that moment ;)). They had received an abuse complaint that one of my
boxes on this DSL connection was on a botnet.

I checked the timestamp of the log they sent to me with the uptime of
the computers. Only the computer that was running a Tor node was online.
It was pretty obvious that the botnet connections were coming from this
box. The box was clean, had no rootkits installed or other malicious
software, so it was Tor, relaying a connection for a bot.

My ISP didn't know what Tor was and asked if "that Tor" logged the
connections that were running through it. I told them Tor was an
anonymity system so it doesn't keep any logs of the traffic that's going
through it. They were confused, they told me that every decent Tor relay
keeps a log of the connections running through it.

I'm living in The Netherlands, running this Tor node on the ISP XS4ALL.
XS4ALL is one of the ISPs with the most knowledge of the internet and
the things happening on the internet. I'm pretty shocked that they
didn't know about Tor. I want to alert all the Tor relay admins that are
running Tor nodes on a connection from XS4ALL to be prepared to get
disconnected, because they think there is a trojan or rootkit running on
your system..

XS4ALL restored the DSL line but I had to promise that it wouldn't
happen again..

Tom Hek