
Re: [tor-relays] abuse reports from shadowserver.org



Mike Perry wrote:
> Thus spake Alexander Bernauer (alex-tor@xxxxxxxxxx):
> 
>> my ISP keeps on receiving abuse reports from shadowserver.org. They
>> claim that an IRC bot operates from the IP that belongs to my tor exit.
>>
>> The strange thing is that my exit policy only allows web and mail ports.
>> Furthermore, the IPs of the shadowserver honeypots have a ptr entry for
>> *.sinkhole.shadowserver.org.
> 
> Hrmm. Based on your snippets of mails you pasted on or-talk, it
> appears that a subset of the shadowserver folks are ideological
> zealots and crazed vigilantes. We've dealt with their flavor of lunacy
> before, in the form of the various "bribe me to get off my list or I
> will blackhole your entire netblock" DNSRBLs.
> 
> It is quite possible that lunatics like these will just make up abuse
> reports and send them to ISPs that look like they might cave. It is
> very interesting that our higher bandwidth exits that *do* exit to IRC
> are not hearing from them right now.
> 
> History has shown that the Internet as a whole usually learns to
> ignore nutballs. AFAIK, all of the "collateral damage" DNSRBLs are
> completely unused these days. Of course, that doesn't stop the
> nutballs from being really annoying in the short term :/.
> 
>> So, I could block their servers either by means of the exit policy or
>> with iptables. Which one would you prefer?
> 
> What is their network topology like? Do they cycle through their
> honeypots? iptables is especially bad if you have the situation where
> what was once a honeypot one week turns into a legitimate server the
> next.
> 
> OTOH, exit policy is bad if you end up with a ton of entries in it... 
> 
>> I additionally wanted to ask here if there is any experience with
>> shadowserver in this regard?
>>
>> Explaining the issue to my ISP failed. They keep on getting nervous.
> 
> This may be an issue. If the zealots believe that they can intimidate
> your ISP to knock you offline, they may keep sending nonsense reports
> to do so, declaring victory that one more tor node bites the dust...
> 
> Not sure what to tell you about this. If they succeed, perhaps it's 
> just new ISP time? There are a lot of crazies out there, not just
> these guys..
>

Last year my VDS-provider received an idiotic abuse report from them.
Because the employees of that ISP were idiots too, I had to change my
vds-provider.
It seems to me that 'shadowserver.org' is an evil group that
deliberately sends unfounded abuses against tor-nodes, etc.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays