[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Fwd: [sorbs.net #51340] Need help with 81.169.156.174 (support form)



On Mon, Oct 31, 2005 at 06:59:50AM +0100, Kristian K??hntopp wrote:
> 
> SORBS lists tor entry nodes as "trojaned machines" in their black lists.

I run a Tor exit node with standard exit policy, and am not yet in any
RBL: http://rbls.org/?q=213.239.210.243
 
> My reply to them:
> 
> I do not think that you understand how tor works.

They're RBL nazis. Not worth talking to. Anyone who uses a RBL for
hard blocking services it out of their fucking minds, anyway. 
 
> tor is an anonymous proxy network. Each node lets users connect to the
> network, then routes packets around the network in a random and encrypted
> fashion and then an exit node makes a connect to the service.
> 
> Even if I blocked NNTP and IRC on my node, a connect to my node would yield a
> successful IRC and NNTP connect as long as any node on tor has NNTP and IRC
> open. That is how tor is designed to work.
> 
> Anyway, my node is neither trojaned nor a zombie. Please unlist my tor nodes
> IP from your blacklist and make sure it does not get on it again. This is a
> managed tor node with a listed contact address and requests for blocked exit
> IPs are honored.
> 
> Kristian
> 
> ----------  Forwarded Message  ----------
> 
> Subject: [sorbs.net #51340] Need help with 81.169.156.174 (support form)
> Date: Monday 31 October 2005 00:31
> From: "SORBS Support (Matthew Sullivan)" <support@xxxxxxxxx>
> To: kris@xxxxxxxxxxxx
> 
> > [kris@xxxxxxxxxxxx - Fri Oct 28 16:21:57 2005]:
> >
> > Name: Kristian K??hntopp
> > IP: 81.169.156.174
> > rDNS: [TTL 0] NXDOMAIN
> > Domain: any pointing to the above ip, e.g. koehntopp.de, k7p.de and
> > others.
> > Type: person
> > Primary OS: unix
> > Skill Level: admin
> > DB: hacked/vulnerable server database
> > Additional Information:
> >
> > Your support system will not show me the "evidence" you have that made
> > you listing my machine as hacked or trojaned, so I can only guess why
> > you are doing this.
> >
> > The machine is running
> >
> > h3118:~ # lsof -i -n -P| awk '/LISTEN/ { print $1, $(NF-2) }'| sort |
> > uniq -c | sort -rn
> >      65 tor TCP
> 
> I can almost certainly say it's the Tor Node.
> 
> You have 2 choices (assuming you want to continue running tor):
> 
> 1/ Seperate your mailserver from your Tor node.
> 2/ Stop Tor access to IRC, and NNTP as well as SMTP.
> 
> 
> The SORBS servers look for open proxy servers and IRC bound trojans.  We
> test to SMTP and NNTP on the standard ports, as well as listening to IRC
> server connections for trojans.
> 
> Regards,
> 
> Mat
-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Attachment: signature.asc
Description: Digital signature