[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor relay shutted down by ISP
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor relay shutted down by ISP
- From: "Ringo Kamens" <2600denver@xxxxxxxxx>
- Date: Wed, 20 Feb 2008 11:34:40 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 20 Feb 2008 11:34:47 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=GME40B9CzijSUGkiAOvKMXUWRxJl9eRQvTaL5K6rqnU=; b=DVhRbRbpLw4bTi+UQSEgDK75GvviJK8zOTyd7NZ1j5OnVBQtkJZfvYhde9mCC5naA19frYzCdxPyj3JKU+Wm0nm97zFgvQAFfgzyudJfWrX9SSrPbp9qeFybdDcfcI5lkUkQloxKHo/rCh/Z/3WjPRJMa0NJhJtQ9lvov/gOFn8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=BN+yJFx4v2oGUee5141xr+62YKUUpgEny8/JIloTlkNXyYdPxTEn/dLWhLUonb11Ozq37voJ/yInOJOpE8Q3bu1IEchQKsXgJYbPu179ndDZ+FehQPSMEAMh6zOBDwkv/sjPtOrVo2YrQ2K/o4jdiowl8LLQcxzbot5ORfBHQJc=
- In-reply-to: <47BC53BC.7080707@xxxxxxxxx>
- References: <47BC53BC.7080707@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Thanks for keeping us updated. If you ever need money for legal fees, a support campaign, or anything like that: let me know. I can round up a lot of assistance through BinaryFreedom and the Anarchist Black Cross.
Comrade Ringo Kamens
Armed Division, 35th Parallel
On Feb 20, 2008 11:22 AM, Tom Hek <tomtorexitnode@xxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hello fellow Tor relay admins,
I run several Tor relays on residential DSL connections. This morning my
dad called me, telling me that my ISP had disconnected us from the
Internet because of a Trojan running on my systems (I wasn't at home at
that moment ;)). They had received a abuse complainant that one of my
boxes on this DSL connection was on a botnet.
I checked the timestamp of the log they sended to me with the uptime of
the computers. Only the computer that was running a Tor node was online.
It was pretty obvious that the botnet connections were coming from this
box. The box was clean, had no rootkits installed or other malicious
software, so it was Tor, relaying a connection for a bot.
My ISP didn't knew what Tor was and asked if "that Tor" logged the
connections that were running through it. I told them Tor was an
anonymity system so it doesn't keep any logs of the traffic that's going
through it. They were confused, they told me that every decent Tor relay
keeps a log of the connections running through it.
I'm living in The Netherlands, running this Tor node on the ISP XS4ALL.
XS4ALL is one of the ISP's with the most knowledge of the internet and
the things happening on the internet. I'm pretty shocked that they
didn't knew about Tor. I want to alert all the Tor relay admins that are
running Tor nodes on a connection from XS4ALL to be prepared to get
disconnected, because they think there is a trojan or rootkit running on
XS4ALL restored the DSL line but I had to promise that it wouldn't
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----