[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] So long and thanks for all the abuse complaints
On Mon, Dec 4, 2017 at 10:57 AM, Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:
> On 04.12.17 11:59, James wrote:
>
>> As a private individual, after just receiving my 4th abuse complaint
>> in as many days it's time to stop running my exit node.
>
> I've had an ongoing debate with a hosting service over a fresh exit node
> being abused for network scans (ports 80 and 443) almost hourly for the
> last few days. I can understand that they are pissed off, and the whole
> thing resulted in this particular exit being shut down by the hoster. If
> I could detect and prevent these scans, it would go a long way to avoid
> having my exit nodes shut down by hosting services.
With my exit node operator hat on, I too would like to see some sort
of port-scanning prevention built into the network. In my case, I had
to turn off exiting to the SSH port because we were getting daily
complaints about abusive scanning for devices with weak admin
passwords. Which is a shame, since there are plenty of legitimate
uses for SSH-over-Tor.
The tricky part is designing some sort of exit-node-controlled
new-connection rate limiting that's content-blind and won't interfere
with legitimate uses. And "legitimate uses" include things like a web
browser generating a burst of TCP connections to the same HTTP/1.1
server cluster, exitmap connecting to the same test server repeatedly
via every exit node in the network, and so on. I would want to see
any proposal document include a long list of known non-abusive traffic
scenarios and an argument that the mechanism would not interfere with
each.
zw
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays