[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] blocking sinkholes and honeypots
I receive notice quite often (1-2 times/month) from my ISP that they
'detected malicious software' from my IP, ranging from virus, drones,
worms, robots, etc. I am using the 'reduced exit policy' for the node.
Fortunately i am able to update my exit policy with a reject entry. in
hopes it will help other operators in preventing false complaints, below
i provide the list i have accumulated (over the years, so some entries
might be outdated). If anyone has extras to contribute, please do!
But first i wonder if there could be a better solution. Obviously if
someone out there is using Tor for malicious purposes, sending
complaints to the Tor operators isn't going to accomplish anything. All
that we can do is block the IPs on an individual basis, but this doesn't
address anything really... I feel there is little that could be done on
either side actually. It is for this reason that I believe we should
encourage sinkhole/honeypot operators to just block/ignore Tor exit IPs
that connect to their traps. what do you all think?
#Sinkholes
ExitPolicy reject 74.208.164.166:* # Sinkhole
ExitPolicy reject 84.163.172.250:* # mebroot destination
ExitPolicy reject 87.106.0.0/16:* # Sinkholes
ExitPolicy reject 87.255.51.229:* # bots/Carberp, bots/Artro
ExitPolicy reject 91.20.196.40:* # mebroot
ExitPolicy reject 104.244.12.0/22:* # confiker/downadup
ExitPolicy reject 131.253.18.12:* # Zbot / biggestfunds.com
ExitPolicy reject 143.215.130.33:* # Sinkhole
ExitPolicy reject 143.215.143.11:* # Sinkhole
ExitPolicy reject 148.81.111.121:* # Sinkhole
ExitPolicy reject 149.20.56.0/24:* # Sinkhole
ExitPolicy reject 178.162.203.202:* # Sinkhole HTTP Drone Report
ExitPolicy reject 184.105.192.2:* # Sinkhole HTTP Drone Report
ExitPolicy reject 192.42.116.41:* # Sinkhole
ExitPolicy reject 193.166.255.171:* # Sinkhole
ExitPolicy reject 195.197.175.21:* # Sinkhole
ExitPolicy reject 198.87.3.75:* # Sinkhole
ExitPolicy reject 199.2.137.0/24:* # Sinkholes
ExitPolicy reject 204.95.96.0/20:* # M$ Sinkholes
ExitPolicy reject 204.152.184.139:* # Sinkhole
ExitPolicy reject 208.100.26.234:* # Drone Report
ExitPolicy reject 216.218.185.160/29:* # Shadow Server Sinkholes
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk