[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] So long and thanks for all the abuse complaints

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] So long and thanks for all the abuse complaints
From: Zack Weinberg <zackw@xxxxxxx>
Date: Mon, 4 Dec 2017 11:38:37 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 04 Dec 2017 12:05:34 -0500
In-reply-to: <5ea33e7f-5aa5-7afd-cf79-2b95f71dd5e1@monksofcool.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAHvkzy==7nYcsV5XBGusR8BnJD7-w5m-0Qbq0wZgrhj_4Bx8JQ@mail.gmail.com> <5ea33e7f-5aa5-7afd-cf79-2b95f71dd5e1@monksofcool.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, Dec 4, 2017 at 10:57 AM, Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:
> On 04.12.17 11:59, James wrote:
>
>> As a private individual, after just receiving my 4th abuse complaint
>> in as many days it's time to stop running my exit node.
>
> I've had an ongoing debate with a hosting service over a fresh exit node
> being abused for network scans (ports 80 and 443) almost hourly for the
> last few days. I can understand that they are pissed off, and the whole
> thing resulted in this particular exit being shut down by the hoster. If
> I could detect and prevent these scans, it would go a long way to avoid
> having my exit nodes shut down by hosting services.

With my exit node operator hat on, I too would like to see some sort
of port-scanning prevention built into the network.  In my case, I had
to turn off exiting to the SSH port because we were getting daily
complaints about abusive scanning for devices with weak admin
passwords.  Which is a shame, since there are plenty of legitimate
uses for SSH-over-Tor.

The tricky part is designing some sort of exit-node-controlled
new-connection rate limiting that's content-blind and won't interfere
with legitimate uses.  And "legitimate uses" include things like a web
browser generating a burst of TCP connections to the same HTTP/1.1
server cluster, exitmap connecting to the same test server repeatedly
via every exit node in the network, and so on.  I would want to see
any proposal document include a long list of known non-abusive traffic
scenarios and an argument that the mechanism would not interfere with
each.

zw
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] So long and thanks for all the abuse complaints
  - From: s7r

References:
- [tor-relays] So long and thanks for all the abuse complaints
  - From: James
- Re: [tor-relays] So long and thanks for all the abuse complaints
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] #34C3 Tor Assembly
Next by Author: Re: [tor-relays] companies and organizations running relays
Previous by thread: Re: [tor-relays] So long and thanks for all the abuse complaints
Next by thread: Re: [tor-relays] So long and thanks for all the abuse complaints
Index(es):
- Author
- Thread