[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] BadExit

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] BadExit
From: <gerard@xxxxxxxxxxxx>
Date: Thu, 26 Mar 2020 14:06:30 -0000
Authentication-results: bulger.co.uk; spf=pass (sender IP is 188.29.164.148) smtp.mailfrom=gerard@xxxxxxxxxxxx smtp.helo=DESKTOP0274C16
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 26 Mar 2020 11:42:55 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bulger.co.uk; s=default; t=1585231592; bh=qQqe1TV+FbViUZC33kHMZus4VC2K+8xqHcjhjCckvJU=; h=From:To:Subject; b=VzWnhAWtVvwDEDU/NVj8E0+zV3D6025goTUdFnqYpp08uQXwKZ5IGCrr1LYrRMYP+ XJI9LngaTM6tx+kRx6QgkXbNO41VnpTi8j3eDiYWco/OopVCTFJV1hjxI+rAsyBV4N 7DVdeTuFDqePsGD39NhsmL7+D199XHcWBWs8GjM8=
In-reply-to: <D05E6F86-2B8E-4598-BC0C-CAE853B5A6F2@to-surf-and-protect.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <01fb01d601e4$805f2a60$811d7f20$@bulger.co.uk> <37dae172-7c4d-be14-eb8b-20c6e6f0c67d@torproject.org> <00f201d602f4$bbdb8550$33928ff0$@bulger.co.uk> <D05E6F86-2B8E-4598-BC0C-CAE853B5A6F2@to-surf-and-protect.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQHyMCAKxRPMBepeVRIndrJEgPNWkwJzuWY/AhFunSkBRhG1saf0MnTA

"btw, you need to have at least port 80 and 443 … port 80 is missing …"

It there. But to a /8 area IPV4, all IPv6

I have not changed my exit policy for years.  Port 80 is there, just limited to a  /8  network and all IPv6 addresses port 80 allowed.
443 all there IPv4 and IPv6

Testing seems to be exiting OK, but badexit tag still there.


Gerry


-----Original Message-----
From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of niftybunny
Sent: 26 March 2020 12:49
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] BadExit

btw, you need to have at least port 80 and 443 … port 80 is missing …

Cheers,

niftybunny


> On 25. Mar 2020, at 23:28, gerard@xxxxxxxxxxxx wrote:
> 
> George
> 
> Thanks
> 
> My exit, still badexit, is  51AE5656C81CD417479253A6363A123A007A2233  
> and I did get an email which I missed, as it is simply failing to 
> exit, Implying my ISP was doing something before they told me.  Seems 
> to be exiting from my local port now.
> 
> 
> 
> 
> 
> -----Original Message-----
> From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf 
> Of Georg Koppen
> Sent: 24 March 2020 18:21
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] BadExit
> 
> Hi!
> 
> gerard@xxxxxxxxxxxx:
>> Oh the shame!   Never had that tag on my exit before.
> 
> Sorry to hear. :(
> 
>> 
>> 
>> I assume it was due to a bad boy attacking an IP, pointed out by my 
>> ISP,
> and
>> the ISP put my server "under mitigation".    I assume some filtering,
> which
>> of course would have looked bad to TOR users.
>> 
>> 
>> 
>> I did not spot the ISP's email for 30 minutes, but then I was able to 
>> block the offended IP.  Within minutes of doing that the ISP said 
>> attack stop and my server was removed from mitigation.  However the 
>> next day badexit tag on my exit and remains there
>> 
>> 
>> 
>> How long does the tag last?
> 
> So long as the Directory Authorities assign it.
> 
>> 
>> 
>> I go to my other, overseas exit, a family member, to see the tag is aslo
>> applied there to.    Do family members get tarred with the same brush?
> 
> It depends on the reason for badexiting.
> 
>> 
>> 
>> I have turned both into relays for the time being.
>> 
>> 
>> 
>> 
>> 
>> Or have I got this wrong.   Is it a  DNS thing?  Are no some DNS providers
>> causing issues forcing the tag?   I am not using opendns.
> 
> It could be a DNS thing, I am not sure. I recently pushed a commit 
> that leads to some exits getting that flag. I tried to contact all the 
> relay operators beforehand (some did not have any ContactInfo set) but 
> I got almost no reply back. For details see [1].
> 
> What's the fingerprint of your relay that got the badexit flag?
> 
> Georg
> 
> [1] https://trac.torproject.org/projects/tor/ticket/32864
> 
>> 
>> 
>> Gerry
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] BadExit
  - From: niftybunny

References:
- [tor-relays] BadExit
  - From: gerard
- Re: [tor-relays] BadExit
  - From: Georg Koppen
- Re: [tor-relays] BadExit
  - From: gerard
- Re: [tor-relays] BadExit
  - From: niftybunny

Prev by Author: [tor-relays] BadExit
Next by Author: Re: [tor-relays] Port Forwarding Question
Previous by thread: Re: [tor-relays] BadExit
Next by thread: Re: [tor-relays] BadExit
Index(es):
- Author
- Thread