ExitPolicy abuse
Giorgos Pallas
gpall at ccf.auth.gr
Wed Feb 9 11:58:15 UTC 2005
FYI: I also had the google groups abuse report for my server...
SK wrote:
>Strangely I had exactly the same two reports against my Tor server
>
>1- 2005-01-26 19:35:04 unknown, bots
>2 - Google Groups posting via their HTTP interface (eg. on Sun, 6 Feb
>2005 11:43:32 +0000 (UTC))
>
>After the 1st incident was reported to me, I changed the exit policy
>to block IRC because I reasoned that the bot could be an IRC based on.
>Changing the exit policy to allow only 80, 443 and 22 I thought I will
>be fine, until the second report came in.
>
>SURFNet which owns the network that my Univ uses (Tor runs on my Univ
>machine) is well know to react pretty hard to abuse reports. "Thanks"
>to their forwarding of the report to Univ's CERT, I had to shutdown my
>Tor server (rather abruptly) on Sunday.
>
>As of now, I am deciding whether to restart the server with a reject
>*:* or not to run any server at all, since I do not know how much of a
>benefit anyone will have with a Tor server with such a strict exit
>policy :(
>
>Any suggestions?
>
>SK
>
>On Tue, 8 Feb 2005 20:12:44 -0500, Christopher Heschong <chris at wiw.org> wrote:
>
>
>>Besides the fact that shutting down someone based on a single report
>>from the notoriously inaccurate SpamCop is silly, I did some
>>investigation. The spam reported was actually posted through Google
>>Groups via their HTTP interface to the Usenet network. This is a
>>possible spam propagation vector you server runners may want to take
>>note of.
>>
>>Here's one of the messages from google groups:
>>
>>http://groups-beta.google.com/group/alt.make.money.fast/msg/
>>c6b998ea193e2fa2?dmode=source
>>
>>
>>
>
>(..........)
>
>
>
>>Unfortunately, I'm not rich enough to own my own network infrastructure
>>these days. Since the first "spam" allegation got me shut down for
>>over 12 hours (mostly due to poor customer service at my network
>>provider) I've had to make the painful (to me) decision to change my
>>ExitPolicy to reject *:* and thought some others here might be
>>interested.
>>
>>I hope that others running tor servers who have the ability to combat
>>this sort of network muzzling will do so. Exit nodes are where the tor
>>rubber meets the road, imho, and network AUP bullying is totally
>>shameful (please conveniently ignore the fact that I caved at the first
>>sign of problems... :) Anonymous access to network resources is a
>>vital tool for liberty, so those who can push back on this sort of
>>abuse (and by abuse I mean being beaten up with an AUP stick), please
>>push a little harder for us little guys.
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5882 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050209/33e01c7a/attachment.bin>
More information about the tor-talk
mailing list