On Mon, Oct 31, 2005 at 06:59:50AM +0100, Kristian Köhntopp wrote:
>
> SORBS lists tor entry nodes as "trojaned machines" in their black lists.

I run a Tor exit node with standard exit policy, and am not yet
in any RBL: http://rbls.org/?q=213.239.210.243

> My reply to them:
>
> I do not think that you understand how tor works.

They're RBL nazis. Not worth talking to. Anyone who uses
a RBL for hard blocking services is out of their fucking minds,
anyway.

> tor is an anonymous proxy network. Each node lets users connect to the
> network, then routes packets around the network in a random and encrypted
> fashion and then an exit node makes a connect to the service.
>
> Even if I blocked NNTP and IRC on my node, a connect to my node would yield a
> successful IRC and NNTP connect as long as any node on tor has NNTP and IRC
> open. That is how tor is designed to work.
>
> Anyway, my node is neither trojaned nor a zombie. Please unlist my tor node's
> IP from your blacklist and make sure it does not get on it again. This is a
> managed tor node with a listed contact address and requests for blocked exit
> IPs are honored.
>
> Kristian
>
> ---------- Forwarded Message ----------
>
> Subject: [sorbs.net #51340] Need help with 81.169.156.174 (support form)
> Date: Monday 31 October 2005 00:31
> From: "SORBS Support (Matthew Sullivan)" <support@xxxxxxxxx>
> To: kris@xxxxxxxxxxxx
>
> > [kris@xxxxxxxxxxxx - Fri Oct 28 16:21:57 2005]:
> >
> > Name: Kristian Köhntopp
> > IP: 81.169.156.174
> > rDNS: [TTL 0] NXDOMAIN
> > Domain: any pointing to the above ip, e.g. koehntopp.de, k7p.de and
> > others.
> > Type: person
> > Primary OS: unix
> > Skill Level: admin
> > DB: hacked/vulnerable server database
> > Additional Information:
> >
> > Your support system will not show me the "evidence" you have that made
> > you list my machine as hacked or trojaned, so I can only guess why
> > you are doing this.
> >
> > The machine is running
> >
> > h3118:~ # lsof -i -n -P| awk '/LISTEN/ { print $1, $(NF-2) }'| sort |
> > uniq -c | sort -rn
> > 65 tor TCP
>
> I can almost certainly say it's the Tor Node.
>
> You have 2 choices (assuming you want to continue running tor):
>
> 1/ Separate your mailserver from your Tor node.
> 2/ Stop Tor access to IRC, and NNTP as well as SMTP.
>
>
> The SORBS servers look for open proxy servers and IRC bound trojans. We
> test to SMTP and NNTP on the standard ports, as well as listening to IRC
> server connections for trojans.
>
> Regards,
>
> Mat

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
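The exit-policy point argued in the quoted mail, as an added sketch that is not part of the original message or of Tor's code: an exit policy is an ordered list of accept/reject rules where the first match wins, and a connection that enters at one relay can leave through any relay whose policy accepts the destination. Relay names, policies and the destination address are constructed; treating an unmatched destination as rejected is a choice of this sketch.

```python
import ipaddress

# Constructed sample relays; names and policies are hypothetical.
RELAYS = {
    "kris-node":   "reject *:25, reject *:119, reject *:6667, accept *:*",
    "other-exit":  "reject *:25, accept *:*",
    "middle-only": "reject *:*",
}

def parse_policy(text):
    """Parse comma-separated 'accept|reject ADDR[/MASK]:PORT[-PORT]' rules (IPv4)."""
    rules = []
    for item in filter(None, (s.strip() for s in text.split(","))):
        action, pattern = item.split()
        if action not in ("accept", "reject"):
            raise ValueError(f"bad action in rule: {item!r}")
        addr, _, port = pattern.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = port.partition("-")
            lo, hi = int(first), int(last or first)
        rules.append((action == "accept", net, lo, hi))
    return rules

def exit_allows(rules, ip, port):
    """First matching rule decides; no match is treated as reject (sketch's choice)."""
    addr = ipaddress.ip_address(ip)
    for accept, net, lo, hi in rules:
        if (net is None or addr in net) and lo <= port <= hi:
            return accept
    return False

def exits_for(relays, ip, port):
    """Relays whose own policy would let a circuit leave towards ip:port."""
    return sorted(n for n, p in relays.items() if exit_allows(parse_policy(p), ip, port))

def reachable_via(entry, relays, ip, port):
    """A client entering at `entry` reaches ip:port if any relay exits there;
    the entry relay's own exit policy plays no part in the answer."""
    if entry not in relays:
        raise KeyError(entry)
    return bool(exits_for(relays, ip, port))

if __name__ == "__main__":
    for port in (25, 119, 6667):  # SMTP, NNTP and a common IRC port
        print(port, reachable_via("kris-node", RELAYS, "192.0.2.10", port),
              exits_for(RELAYS, "192.0.2.10", port))
```

With these constructed policies, NNTP and IRC stay reachable for a client entering at kris-node even though its own policy rejects them, and the outbound connection is made by other-exit.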