[tor-relays] Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38)

Matthew Glennon matthew at glennon.online
Wed May 16 12:17:54 UTC 2018 

My relay exhibits the same results on AS701, MCI Communications Services,
Inc. d/b/a Verizon Business
https://metrics.torproject.org/rs.html#details/924B24AFA7F075D059E8EEB284CC400B33D3D036

matthew at freedom:~$ traceroute 86.59.21.38
traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets
 1  lo0-100.RCMDVA-VFTTP-307.verizon-gni.net (96.253.78.1)  4.340 ms  4.297
ms  4.273 ms
 2  B3307.RCMDVA-LCR-22.verizon-gni.net (130.81.24.74)  3.854 ms  4.156 ms
8.609 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *



On Tue, May 15, 2018 at 9:18 PM Shawn Webb <shawn.webb at hardenedbsd.org>
wrote:

> On Tue, May 15, 2018 at 08:12:50PM -0400, Neel Chauhan wrote:
> > Hi tor-relays mailing list,
> >
> > I have noticed that the Tor consensus server tor26 (
> https://metrics.torproject.org/rs.html#details/847B1F850344D7876491A54892F904934E4EB85D
> )
> > is blocked on Verizon's UUNET (AS701) backbone, and therefore, Verizon's
> > retail services like FiOS and Wireless. I can confirm this on FiOS, but I
> > don't use Verizon Wireless (my smartphone uses Sprint) so I can't test it
> > there.
> >
> > A traceroute to tor26's IP address 86.59.21.38 from a Brooklyn apartment
> > shows this is filtered on Verizon's backbone:
> >
> > neel at xb2:~ % traceroute 86.59.21.38
> > traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
> >  1  unknown (192.168.1.1)  1.128 ms  0.780 ms  0.613 ms
> >  2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.001 ms
> 3.632
> > ms  0.900 ms
> >  3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  2.291 ms
> >     B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  3.172 ms
> 4.046 ms
> >  4  * * *
> >  5  * * *
> >  6  * * *
> >  7  * * *
> >  8  * * *
> >  9  * * *
> > ^C
> > neel at xb2:~ %
> >
> > In a normal traceroute, you will see ALTER.NET at hop 5. Also, the
> subnet
> > 86.59.21.0/24 is not filtered on UUNET. A traceroute to 86.59.21.1
> works:
> >
> > neel at xb2:~ % traceroute 86.59.21.1
> > traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
> >  1  unknown (192.168.1.1)  0.863 ms  0.757 ms  0.579 ms
> >  2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.010 ms
> 1.545
> > ms  1.034 ms
> >  3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  3.616 ms
> >     B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  5.696 ms
> 10.062 ms
> >  4  * * *
> >  5  0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127)  3.492 ms  3.506 ms
> 2.996
> > ms
> >  6  204.255.168.118 (204.255.168.118)  8.462 ms  7.479 ms  7.252 ms
> >  7  144.232.4.84 (144.232.4.84)  5.041 ms  4.688 ms
> >     sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165)  71.865 ms
> >  8  sl-crs2-lon-0-0-3-0.sprintlink.net (213.206.128.181)  72.214 ms
> 73.579
> > ms  72.339 ms
> >  9  213.206.129.142 (213.206.129.142)  81.390 ms
> >     sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139)  85.854 ms
> 93.238
> > ms
> > 10  217.149.47.46 (217.149.47.46)  79.004 ms  85.669 ms  79.392 ms
> > 11  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  86.507 ms
> 78.374
> > ms  77.740 ms
> > 12  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  79.642 ms
> 77.926 ms
> > 81.515 ms
> > 13  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  105.400 ms
> > 105.089 ms  109.751 ms
> > 14  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  122.716 ms
> 110.820 ms
> > 114.354 ms
> > 15  86.59.21.1 (86.59.21.1)  106.389 ms *  105.379 ms
> > neel at xb2:~ %
> >
> > I got in contact with Peter Palfrader and he says he couldn't help, and
> also
> > with Verizon FiOS support and they said the filtering 'isn't on Verizon's
> > network' (read: isn't on Verizon's internal FiOS network but still on
> > Verizon's AS701 which I have to go to to get anywhere on the Internet
> here).
> >
> > I know that this IP could have been blackholed, and you may think that if
> > Verizon is blocking it, then isn't Level 3 or Cogent? Well, Cogent
> doesn't
> > block tor26:
> >
> > traceroute to 86.59.21.38 (86.59.21.38), 30 hops max, 60 byte packets
> >  1  gi0-1-1-19.5.agr21.jfk02.atlas.cogentco.com (66.28.3.113)  0.727 ms
> > 0.727 ms
> >  2  be2605.ccr41.jfk02.atlas.cogentco.com (154.54.1.153)  2.177 ms
> > be2606.ccr42.jfk02.atlas.cogentco.com (154.54.2.29)  0.734 ms
> >  3  be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)  68.557 ms
> > be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)  70.829 ms
> >  4  be12488.ccr42.ams03.atlas.cogentco.com (130.117.51.42)  74.570 ms
> > be12194.ccr41.ams03.atlas.cogentco.com (154.54.56.94)  76.767 ms
> >  5  be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  74.515 ms
> 74.612
> > ms
> >  6  149.6.129.250 (149.6.129.250)  80.758 ms  74.625 ms
> >  7  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  75.421 ms
> 75.425
> > ms
> >  8  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  74.516 ms
> 74.558 ms
> >  9  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  97.605 ms
> 95.470
> > ms
> > 10  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  100.314 ms
> 97.947 ms
> > 11  86.59.118.145 (86.59.118.145)  96.918 ms  98.620 ms
> > 12  tor.noreply.org (86.59.21.38)  97.853 ms  98.110 ms
> >
> > (Source: http://www.cogentco.com/en/network/looking-glass)
> >
> > It could be possible that other Tier 1 networks formerly blocked tor26,
> and
> > also unblocked, but Verizon was sloppy not to do so.
> >
> > It's also possible that Verizon could be doing it because the FCC
> repealed
> > Net Neturality, and wants to discourage use of Tor to mine FiOS/VZW
> > customers' browsing habits. But despite a NN repeal I can still access
> Tor
> > on FiOS, and also run a relay (I do both) because other consensus relays
> are
> > still unblocked.
> >
> > But if Verizon didn't unblock tor26, could it actually mean that Verizon
> > wants to discourage Tor (and VPN/proxy) use to try to mine information of
> > their customers (and sell ads/information) and direct users to VZ-owned
> AOL
> > and Yahoo? Well, I hope they were just sloppy and don't mean to wage war
> on
> > Tor.
> >
> > While I'm not saying you should avoid using anything Verizon at all
> costs (I
> > certainly wouldn't want to go to the local cable company), I just want to
> > point out a blocked consensus server.
>
> I'm seeing the same thing from the greater Baltimore, MD area:
>
> traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
>  1  172.16.3.1 (172.16.3.1)  0.172 ms  0.162 ms  0.115 ms
>  2  lo0-100.BLTMMD-VFTTP-323.verizon-gni.net (100.16.216.1)  23.228 ms
> 7.782 ms  2.901 ms
>  3  B3323.BLTMMD-LCR-22.verizon-gni.net (100.41.222.240)  2.982 ms
>     B3323.BLTMMD-LCR-21.verizon-gni.net (100.41.222.238)  1.702 ms
>     B3323.BLTMMD-LCR-22.verizon-gni.net (100.41.222.240)  7.756 ms
>  4  * * *
>
> 100.41.222.240 is AS19262.
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal:    +1 443-546-8752 <(443)%20546-8752>
> Tor+XMPP+OTR:        lattera at is.a.hacker.sx
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-- 
Matthew Glennon
matthew at glennon.online
PGP Signing Available Upon Request
https://keybase.io/crazysane
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180516/45646b9e/attachment.html>

More information about the tor-relays mailing list