
Fwd: [sorbs.net #51340] Need help with 81.169.156.174 (support form)



This is essentially a request to shut down tor, and I don't think they really 
want to listen. Has anybody ever tried to sue a delisting out of them?

Kristian

----------  Forwarded Message  ----------

Subject: [sorbs.net #51340] Need help with 81.169.156.174 (support form)
Date: Monday 31 October 2005 07:27
From: "SORBS Support (Matthew Sullivan)" <support@xxxxxxxxx>
To: kris@xxxxxxxxxxxx

> [kris@xxxxxxxxxxxx - Mon Oct 31 15:55:51 2005]:
>
> On Monday 31 October 2005 00:31, SORBS Support (Matthew Sullivan) wrote:
> > I can almost certainly say it's the Tor Node.
> >
> > You have 2 choices (assuming you want to continue running tor):
> >
> > 1/ Separate your mailserver from your Tor node.
> > 2/ Stop Tor access to IRC, and NNTP as well as SMTP.
> >
> >
> > The SORBS servers look for open proxy servers and IRC bound trojans. We
> > test to SMTP and NNTP on the standard ports, as well as listening to IRC
> > server connections for trojans.
>
> I do not think that you understand how tor works.

Actually I understand perfectly well how it works, it is an open proxy
system that anonymizes abuse and legitimate users.

> tor is an anonymous proxy network. Each node lets users connect to the
> network, then routes packets around the network in a random and encrypted
> fashion and then an exit node makes a connect to the service.
>
> Even if I blocked NNTP and IRC on my node, a connect to my node would
> yield a successful IRC and NNTP connect as long as any node on tor has
> NNTP and IRC open. That is how tor is designed to work.

Correct - and that traffic leaving your machine whether it be your
client or a remote anonymous tor client is the reason for the listing.

> Anyway, my node is neither trojaned nor a zombie. Please unlist my tor
> nodes IP from your blacklist and make sure it does not get on it again.
> This is a managed tor node with a listed contact address and requests for
> blocked exit IPs are honored.

Then take this as a request - do not allow remote tor connections to IRC
networks which I run or am running an IRC trojan data collector on.
Further do not allow any SMTP or NNTP traffic to exit your tor node to
any network I am collecting data from.  I cannot disclose said networks
because I am under NDA (this even applies to the fact none of the other
SORBS admins know some of the networks that the SORBS collectors run
on).  If you want to keep delisted from SORBS, you will have to stop
traffic to IRC networks, SMTP services (25, 465, and 587) as well as
NNTP (119, and 563).

You are accountable for abuse from your server, and I don't care whether
it is from the tor network or not.  You have gone to great lengths to
ensure that the traffic from the tor network appears to be originated by
you, so as far as I and SORBS are concerned you are responsible for said traffic.

Regards,

Matthew

-------------------------------------------------------

-- 
Kristian =?iso-8859-15?q?K=F6hntopp?= <kris@xxxxxxxxxxxxxxxxxx>
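
The two positions in the thread above turn on the difference between what one node's exit policy lets out of its own IP and what the network as a whole can reach. The following is an added example, not part of the original messages or of Tor's code: a simplified first-match evaluator for `ExitPolicy`-style lines, run over two constructed policies. It assumes only `*` addresses and uses the SMTP and NNTP ports named in the reply; IRC ports are not listed on the page and are left out.

```python
# Added example: simplified evaluator for Tor ExitPolicy-style lines.
# Rules are checked in order and the first match decides. Only "*" addresses
# with a single port, a range, or "*" are parsed; real torrc syntax is richer.

MAIL_NEWS_PORTS = [25, 465, 587, 119, 563]  # ports named in the SORBS reply

# Constructed sample policies (not taken from any real node).
RESTRICTED = """
reject *:25
reject *:465
reject *:587
reject *:119
reject *:563
accept *:*
"""
PERMISSIVE = "accept *:*"

def parse_policy(text):
    """Turn 'accept|reject *:PORTSPEC' lines into (action, low, high) rules."""
    rules = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("accept", "reject"):
            raise ValueError(f"unknown action: {action}")
        addr, _, ports = target.rpartition(":")
        if addr != "*":
            raise ValueError("this sketch only handles '*' addresses")
        if ports == "*":
            low, high = 1, 65535
        elif "-" in ports:
            low, high = (int(p) for p in ports.split("-"))
        else:
            low = high = int(ports)
        rules.append((action, low, high))
    return rules

def exits_to(rules, port):
    """First matching rule wins; no match is treated as reject (assumption)."""
    for action, low, high in rules:
        if low <= port <= high:
            return action == "accept"
    return False

def open_ports(rules, ports):
    """Ports from `ports` that this one node would let out of its own IP."""
    return [p for p in ports if exits_to(rules, p)]

def network_reachable(policies, port):
    """True if at least one node in the set would exit to `port`."""
    return any(exits_to(rules, port) for rules in policies)
```

With the restricted policy, `open_ports` returns an empty list for the node's own IP, while `network_reachable` over both policies stays true for port 25 because the permissive node still exits there.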