[tor-relays] BadExit

niftybunny abuse-contact at to-surf-and-protect.net
Thu Mar 26 15:48:05 UTC 2020 

My bad. Never seen this before. I there a good reason for the accept 133.0.0.0/8:80 ?

niftybunny


> On 26. Mar 2020, at 15:06, gerard at bulger.co.uk wrote:
> 
> "btw, you need to have at least port 80 and 443 … port 80 is missing …"
> 
> It there. But to a /8 area IPV4, all IPv6
> 
> I have not changed my exit policy for years.  Port 80 is there, just limited to a  /8  network and all IPv6 addresses port 80 allowed.
> 443 all there IPv4 and IPv6
> 
> Testing seems to be exiting OK, but badexit tag still there.
> 
> 
> Gerry
> 
> 
> -----Original Message-----
> From: tor-relays <tor-relays-bounces at lists.torproject.org> On Behalf Of niftybunny
> Sent: 26 March 2020 12:49
> To: tor-relays at lists.torproject.org
> Subject: Re: [tor-relays] BadExit
> 
> btw, you need to have at least port 80 and 443 … port 80 is missing …
> 
> Cheers,
> 
> niftybunny
> 
> 
>> On 25. Mar 2020, at 23:28, gerard at bulger.co.uk wrote:
>> 
>> George
>> 
>> Thanks
>> 
>> My exit, still badexit, is  51AE5656C81CD417479253A6363A123A007A2233
>> and I did get an email which I missed, as it is simply failing to
>> exit, Implying my ISP was doing something before they told me.  Seems
>> to be exiting from my local port now.
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: tor-relays <tor-relays-bounces at lists.torproject.org> On Behalf
>> Of Georg Koppen
>> Sent: 24 March 2020 18:21
>> To: tor-relays at lists.torproject.org
>> Subject: Re: [tor-relays] BadExit
>> 
>> Hi!
>> 
>> gerard at bulger.co.uk:
>>> Oh the shame!   Never had that tag on my exit before.
>> 
>> Sorry to hear. :(
>> 
>>> 
>>> 
>>> I assume it was due to a bad boy attacking an IP, pointed out by my
>>> ISP,
>> and
>>> the ISP put my server "under mitigation".    I assume some filtering,
>> which
>>> of course would have looked bad to TOR users.
>>> 
>>> 
>>> 
>>> I did not spot the ISP's email for 30 minutes, but then I was able to
>>> block the offended IP.  Within minutes of doing that the ISP said
>>> attack stop and my server was removed from mitigation.  However the
>>> next day badexit tag on my exit and remains there
>>> 
>>> 
>>> 
>>> How long does the tag last?
>> 
>> So long as the Directory Authorities assign it.
>> 
>>> 
>>> 
>>> I go to my other, overseas exit, a family member, to see the tag is aslo
>>> applied there to.    Do family members get tarred with the same brush?
>> 
>> It depends on the reason for badexiting.
>> 
>>> 
>>> 
>>> I have turned both into relays for the time being.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> Or have I got this wrong.   Is it a  DNS thing?  Are no some DNS providers
>>> causing issues forcing the tag?   I am not using opendns.
>> 
>> It could be a DNS thing, I am not sure. I recently pushed a commit
>> that leads to some exits getting that flag. I tried to contact all the
>> relay operators beforehand (some did not have any ContactInfo set) but
>> I got almost no reply back. For details see [1].
>> 
>> What's the fingerprint of your relay that got the badexit flag?
>> 
>> Georg
>> 
>> [1] https://trac.torproject.org/projects/tor/ticket/32864
>> 
>>> 
>>> 
>>> Gerry
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>> 
>> 
>> 
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200326/8c5dbe72/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20200326/8c5dbe72/attachment-0001.sig>

More information about the tor-relays mailing list