[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

my isp cut me off



So I've been running a Tor exit node router for a few weeks now. Last
night I got home and found that my server was offline; I called the
ISP and they said the network cable was unplugged due to a DoS attack.
I asked them to plug it back in but didn't get any more details at the
time. I said I would look around and see if I could find any reason
for that. I did disable the standard irc ports in my Tor exit policy,
because I figured that's the most likely place for abuse.

This morning I found that it was offline again; when I called the tech
guy couldn't really tell me much more except that it was an incoming
DoS attack, and that the server appeared to be involved in irc botnet
traffic. He said the trouble ticket suspected my server was rooted, I
knew it was probably just Tor doing its job.

So before my server is plugged back in, I get to talk to the network
manager to find out more about what's going on here. I need to brush
up on my Tor faq so I can coherently explain to my ISP what's going
on. I will probably also end up modifying my Tor exit policy to only
allow specific ports rather than the default of rejecting certain
ports. I don't like to have to do that.

Does anybody have any recommendations on what I should say? The way I
see it, we're all in pretty much the same boat here. Surely this sort
of thing has happened to others too.

Greg Hewgill
http://hewgill.com