[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] Tor non-exit list
- To: me@xxxxxxxxx
- Subject: [tor-relays] Tor non-exit list
- From: Carsten Otto <otto@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 19 Jun 2024 09:37:28 +0200
- Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx, FTP <ftp@xxxxxxxxxxxxxxxxxxxxxx>
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Wed, 19 Jun 2024 04:39:52 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=rwth-aachen.de; i=@rwth-aachen.de; q=dns/txt; s=20240516-RWTH; t=1718782653; x=1750318653; h=date:from:to:cc:subject:message-id:reply-to:mime-version; bh=EEm9YE1fvqLgdwtfpfnxKeVQtb2tOp5YMH9cFUK+Wt8=; b=ZUaDz5kp7UlXYGGFZX/QBzA15lPPDx+GEh2ZSQC108bTnSJjY9X3wpWF 87QZVnuLo9g/5IFwtI8OOS1m9ygDMKSUHiqLuTlke0pQngpSaiKFyBfIt irPP5PyDboNZQK+wU+bYU3QO9QwpveOgCYHqUg1tOwtCT5cWwDF3wsPlq Ei44Oi/RWf+7Ad5xAGfbq6s21ImScqrm1vbrmreGEs6pMmNlbDSetozYq zzngcekPRMtyaiB+qrDaL2uIzv0KDKpIHcvhFHwGxCZ6vdI0oJyHGBAej q7DCniY1zauUDyGMvvmKJ//DXOVPgwIuS3KiUGnStZf7M7n1OLPJSt/Zu w==;
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=c-otto.de; s=2021; h=Content-Type:MIME-Version:Reply-To:Message-ID:Subject:Cc:To:From: Date:Sender:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=KdPR12qxwPke503dDURhNoJgat2EdcZhi/y5txRNNb4=; b=1DSBztSw16mf4td+/2+MPYA2Ws 2V15eagxnGkRihENFpWcJu6wJjOMWuQYlcax9RQr5FhGk94T8deEbMkkV/nxipLEA8dcXgOB8a5zR QRSROTGSjVDV4tWuKrm2GOU0PtjNllrwA0wMYtQwgxPdtHC11ovWilmB7tBsLhsa3L4FrCo5W/bHE Uxk0CvWgq/GLGd0d4VufVx5Y3hAq7pSZeeS88U3ZdoQLUVG5ouUAkeNGsNhy948s3mHX9otuwQJwa LctYCAYATrTeZu53NhvrKyHLM0VAqr1ZczDTUlsH1k9Lvaj2ptSvhOjmQFWsT8mcnnf9PQvxmbKxK fkwbLdvg==;
- Ironport-data: A9a23:EwjIdaNnsLisVabvrR3ZlsFynXyQoLVcMsEvi/4bfWQNrUpwg2FTy DcdWTqPOvuLZDeket92bY7lpEtTvJTTmIU1T3M5pCpnJ55oRWspJvzEdBuqb3PKRiHnZBg6h ynLQoCYdKjYdleF+1H1dOGn9SIkvU2xbuKUIPbePSxsThNTRi4kiBZy88Y0mYcAbeKRWmthg vus5ZWPULOZ82QsaD5MtfvS8EoHUMna4Vv0gHRvPZing3eDzxH5PLpHTYmtIn3xRJVjH+LSb 44vG5ngows1Vz90Yj+Uuu6Tnn8iG9Y+DiDS4pZiYJVOtzAZzsAE+vthaKBMOR8/ZwKhxLidw P0V3XC5pJxA0qfkwIzxWDEAe81y0DEvFLLveRCCXcKvI0LuQkHAz/ZUJ0EKHIgg38RxJkwQ9 ec1EWVYBvyDr7reLLOTUPZwhskzadKxeYpZoG58zXTQAbAqTPgvQY2TvoMehWxowJoQW6+DO 6L1ahI2BPjESxpTJlA/CZQwm/2tj2X+cHtCt06V4KM+6Gjeykp93dABNfKPIIHRHJkKxR/wS mTu8WX9MwBBH9ql8Teoz1WC28WWliOqV9dHfFG/3rsw6LGJ/UQWBTUaXF39pPT/l03Wc9xDM 2QU8y4vo6Eisla0Utm4VhSzoHOC+BIRM/JMFPd/8gyJw7vPywKYHXQfCCJGcsQ8s807TiBs0 UWG9+4FHhR1r6GVRGLY7e3RpHWoJjQVaGYOIyMJJecY3+TeTEgIpkqnZr5e/GSd17UZxRmYL +i2kRUD
- Ironport-hdrordr: A9a23:U8OBfaAfxRTsaTHlHela55DYdb4zR+YMi2TDGXoRdfVwSL3+qy nOpoV+6faQslwssR4b9exoVJPufZq+z+8R3WByB8bAYOCOggLBR+xfBO3Zsl/d8kXFh5VgPM xbE5SWZuefMbAs5vyKnTVQROxQuuWvweSTraPz3ndoCSttbKZt5Ro8Kj/zKDwReCB2QaAQUL aM5s4CgzKhfDA5dcK+b0N1JtTrlpnwvNbLcB4DQyQs4A6IgT7A0s+DLySl
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- List-post: <mailto:tor-relays@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Hi Dan,
For reference:
https://www.dan.me.uk/dnsbl
https://www.dan.me.uk/tornodes
https://www.dan.me.uk/torlist/?full
First of all, thank you for your tools and other contributions. The mere
fact that your DNS blocklists are used by countless vendors should be a
compliment in itself, and I'd be happy to have that much impact with my
own projects.
As you already state on your own site ("Please think carefully
before choosing to use this list for blocking purposes"), your non-exit
Tor relay list is a bit unusual. I'm running ftp.halifax.rwth-aachen.de,
a major file mirror serving around 30 TByte of data at around 4 GBit/sec
(on average). Recently, we added Tor relays on the same IP address, and
your list correctly picked this up (137.226.34.46).
Now, I'm writing as this caused quite a lot of mayhem. Several
"security" appliance vendors didn't "think carefully" before adding your
non-exit list to their devices. Among those are Arbor Prevail, Check
Point, Ubiquiti (UniFi) - feel free to search for
"ET TOR Known Tor Relay/Router (Not Exit) Node"
to see the effect of this. In addition to private users making use of
such devices, several banks/corporations/institutions started blocking
our IP address, causing some frustration with us and their admins, as
their Linux/Jenkins/... updates suddenly stopped working. As you might
have guessed, changing "security" configurations (even if they may be
wrong or questionable) is quite a challenge, and in some cases the
(motivated) admins weren't unable to fix this issue on their end.
As you seem to be well aware of what Tor is, what an exit relay does and
what a non-exit relay does, would you be willing to retire the non-exit
blocklist (at least the part that can be used for automated blocks)? I'd
argue that the current setup does more harm than good (assuming you
agree that Tor is a good thing in general). I'd be happy to discuss pros
and cons, but ultimately that's your decision to make.
Thanks
Carsten
--
Dr. Carsten Otto
http://verify.rwth-aachen.de/otto/
Attachment:
signature.asc
Description: PGP signature
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays