[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] blocking sinkholes and honeypots

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] blocking sinkholes and honeypots
From: scar <scar@xxxxxxxxxx>
Date: Mon, 27 Feb 2017 21:07:11 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 27 Feb 2017 23:23:05 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I receive notice quite often (1-2 times/month) from my ISP that they'detected malicious software' from my IP, ranging from virus, drones,worms, robots, etc. I am using the 'reduced exit policy' for the node.Fortunately i am able to update my exit policy with a reject entry. inhopes it will help other operators in preventing false complaints, belowi provide the list i have accumulated (over the years, so some entriesmight be outdated). If anyone has extras to contribute, please do!

But first i wonder if there could be a better solution. Obviously ifsomeone out there is using Tor for malicious purposes, sendingcomplaints to the Tor operators isn't going to accomplish anything. Allthat we can do is block the IPs on an individual basis, but this doesn'taddress anything really... I feel there is little that could be done oneither side actually. It is for this reason that I believe we shouldencourage sinkhole/honeypot operators to just block/ignore Tor exit IPsthat connect to their traps. what do you all think?





#Sinkholes
ExitPolicy reject 74.208.164.166:*	# Sinkhole
ExitPolicy reject 84.163.172.250:*	# mebroot destination
ExitPolicy reject 87.106.0.0/16:*	# Sinkholes
ExitPolicy reject 87.255.51.229:*	# bots/Carberp, bots/Artro
ExitPolicy reject 91.20.196.40:*	# mebroot
ExitPolicy reject 104.244.12.0/22:*	# confiker/downadup
ExitPolicy reject 131.253.18.12:*	# Zbot / biggestfunds.com
ExitPolicy reject 143.215.130.33:*	# Sinkhole
ExitPolicy reject 143.215.143.11:*	# Sinkhole
ExitPolicy reject 148.81.111.121:*	# Sinkhole
ExitPolicy reject 149.20.56.0/24:*	# Sinkhole
ExitPolicy reject 178.162.203.202:*	# Sinkhole HTTP Drone Report
ExitPolicy reject 184.105.192.2:*	# Sinkhole HTTP Drone Report
ExitPolicy reject 192.42.116.41:*	# Sinkhole
ExitPolicy reject 193.166.255.171:*	# Sinkhole
ExitPolicy reject 195.197.175.21:*	# Sinkhole
ExitPolicy reject 198.87.3.75:*		# Sinkhole
ExitPolicy reject 199.2.137.0/24:*	# Sinkholes
ExitPolicy reject 204.95.96.0/20:*	# M$ Sinkholes
ExitPolicy reject 204.152.184.139:*	# Sinkhole
ExitPolicy reject 208.100.26.234:*	# Drone Report
ExitPolicy reject 216.218.185.160/29:*	# Shadow Server Sinkholes

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Published bridge?
Next by Author: [tor-talk] Transparent proxy and Torbrowser
Previous by thread: Re: [tor-talk] Guard Selection
Next by thread: [tor-talk] obfs4
Index(es):
- Author
- Thread