
Re: [tor-relays] Non-exit abuse reports



On Sat, 17 May 2014 10:27:39 +0200
dope457 <dope457@xxxxxxxxxx> wrote:

> Hello,
> 
> I have been running a middle relay on my VPS since it was too much trouble 
> to operate an exit. But ever since I have received two abuse reports 
> regarding the same issue.
> 
> 1) Source: 31.31.78.141
> Event type: DNSANOMALY
> Detail:  High amount of TCP DNS traffic, whole transfer: 12 503 B
> Timestamp: 2014-05-14 20:20:35
> NetFlow source: localhost
> Targets: 178.238.223.67

This relay:
http://torstatus.blutmagie.de/router_detail.php?FP=44efaf942314f756fc7ea50292d5b383e568a9bd
runs with their ORPort set to 53, which is more commonly used for the TCP
variant of DNS. So your ordinary communication with them as a part of Tor
relaying is misdetected by your ISP as a malicious DNS attack.

Your options are:

1) Explaining the above (along with some explanation about Tor network in
general) to your provider;

2) mailing to the contact E-Mail of the above relay, asking them to change
their port (but then there may be more relays doing the same in the future);

3) blocking outgoing communication to TCP port 53 to all IPs which are not
your chosen recursive DNS servers (set in /etc/resolv.conf); but this will
partially break the Tor network, as part of the circuits which clients try to
establish via your node will now fail (if they happen to include such ORPort
53 nodes).

-- 
With respect,
Roman

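Added example, not part of the original message: a small triage script a relay operator could use when answering such a report, checking whether each flagged TCP/53 destination is a Tor relay whose ORPort is 53, a configured resolver, or neither. It assumes the "r" line layout of a full network-status consensus; the function names, sample relays, flows and resolver address are constructed for illustration.

```python
import ipaddress

# Constructed sample in the consensus "r" line layout:
# r nickname identity digest date time IP ORPort DirPort
# Names, digests and addresses are placeholders (documentation ranges).
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-05-14 18:00:00 192.0.2.10 53 0
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-05-14 18:05:00 198.51.100.7 9001 9030
r broken EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2014-05-14 18:07:00 not-an-ip 53 0
"""

# Constructed flow records: (destination IP, destination port, protocol).
SAMPLE_FLOWS = [
    ("192.0.2.10", 53, "tcp"),    # relay listening on 53
    ("192.0.2.53", 53, "tcp"),    # our configured resolver
    ("203.0.113.99", 53, "tcp"),  # neither relay nor resolver
    ("198.51.100.7", 9001, "tcp"),
]
RESOLVERS = {"192.0.2.53"}  # assumed contents of /etc/resolv.conf


def parse_relays(consensus_text):
    """Map relay IP -> set of ORPorts, skipping malformed "r" lines."""
    relays = {}
    for line in consensus_text.splitlines():
        parts = line.split()
        if len(parts) != 9 or parts[0] != "r":
            continue
        try:
            ip = str(ipaddress.ip_address(parts[6]))
            port = int(parts[7])
        except ValueError:
            continue
        relays.setdefault(ip, set()).add(port)
    return relays


def classify(flow, relays, resolvers):
    """Label one outbound flow for an abuse-report reply."""
    dst, port, proto = flow
    if proto != "tcp" or port != 53:
        return "not-tcp-53"
    if dst in resolvers:
        return "resolver"
    if port in relays.get(dst, set()):
        return "tor-orport"
    return "unexplained"
```

Flows labelled "tor-orport" are the ones the explanation in option 1 covers; "unexplained" flows are not accounted for by relaying and deserve a closer look. The result is only as good as the consensus copy it is run against, so use one from the time of the reported event.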

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays