[tor-talk] cave updates, Qwest

scar scar at drigon.com
Wed Mar 30 16:47:55 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kyle Williams @ 01/28/2011 02:29 PM:
> I'm not sure if anyone has said this yet, but THANK YOU.
>
> You are one of the few who is fighting a big ISP for the sake of
> everyone else.  In doing so you spend your time, energy, and reputation
> to help get through to your ISP that anonymity systems like Tor are
> needed and should be accepted openly.  Hell yes go to the BBB, play the
> 'patriotic' card, explain what Tor is and how you're helping poor people
> in censored countries experience a freedom in the 21st, etc, etc.
>
> Thank you and keep up the good fight,

Thanks, I appreciate it.

Some more updates.

I did file my complaint with the BBB.  Qwest seems to have flip-flopped
on their position and is now saying they will not allow the running of
Tor.  So that is all on file with the BBB now.

Even though Qwest has changed their position, I continue to run the exit
node.  My service will get disconnected every few weeks, I will contact
Qwest to re-explain the situation and get my service re-activated.  They
will send me their logs of what is triggering the disconnection.  Each
time I augment my exit policy to try and block the malicious traffic.

I've also been able to squeeze another 6 months of 40M/20M service for
$30/month so I am a bit reluctant to actually jump ship.  I think as
long as they quickly re-activate my service and I continue to be
transparent and active in augmenting my exit policy, I'll be able to
continue this endeavor.

Below are the most recent entries that Qwest has forwarded to me.  I'd
like to figure out how to block this.  I will not block port 80, that
will be the last thing I block.  I guess I can try blocking
87.106.24.200 and 74.208.164.166 which are Shadowserver sinkholes....


Date/Time Seen (GMT)   IP Address        Infection Data (*)
- --------------------   ---------------   ------------------------------
date: 2011-03-29  list: bots           IPs: 70.57.229.88
2011-03-28 02:16:35    70.57.229.88      infection => 'bots', subtype =>
'sinkhole', port => '41390', cc => 87.106.24.200  , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
2011-03-28 02:16:35    70.57.229.88      infection => 'bots', subtype =>
'sinkhole', port => '41390', cc => 87.106.24.200  , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
date: 2011-03-15  list: bots           IPs: 184.99.178.114
2011-03-13 05:29:16    184.99.178.114    infection => 'bots', subtype =>
'sinkhole', port => '53843', cc => 74.208.164.166 , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
2011-03-13 05:29:16    184.99.178.114    infection => 'bots', subtype =>
'sinkhole', port => '53843', cc => 74.208.164.166 , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
date: 2011-03-13  list: bots           IPs: 184.99.175.112
2011-03-11 17:39:46    184.99.175.112    infection => 'bots', subtype =>
'sinkhole', port => '43572', cc => 87.106.24.200  , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
2011-03-11 17:39:46    184.99.175.112    infection => 'bots', subtype =>
'sinkhole', port => '43572', cc => 87.106.24.200  , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'

-----BEGIN PGP SIGNATURE-----

iEYEAREIAAYFAk2TXrkACgkQXhfCJNu98qACegCfc5yaMQmJCOg8c6U6o2WeQInp
rJsAniWErfUTffSE6HuBupH6IzNccMpD
=mikt
-----END PGP SIGNATURE-----
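
An added example, not part of the original post: a Python sketch that parses the wrapped 'Drone Report' records quoted above, drops the repeated entries, and turns each sinkhole destination into a narrow torrc `ExitPolicy reject` line so port 80 stays open for everything else. The function names are hypothetical, and the sample is an excerpt of the report in the post.

```python
import ipaddress
import re

# Excerpt of the report quoted in the post (first record repeated, as in the post).
SAMPLE = """\
date: 2011-03-29  list: bots           IPs: 70.57.229.88
2011-03-28 02:16:35    70.57.229.88      infection => 'bots', subtype =>
'sinkhole', port => '41390', cc => 87.106.24.200  , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
2011-03-28 02:16:35    70.57.229.88      infection => 'bots', subtype =>
'sinkhole', port => '41390', cc => 87.106.24.200  , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
date: 2011-03-15  list: bots           IPs: 184.99.178.114
2011-03-13 05:29:16    184.99.178.114    infection => 'bots', subtype =>
'sinkhole', port => '53843', cc => 74.208.164.166 , cc_port => '80',
type => 'tcp', count => '1', p0f_detail => '2.6 (newer, 3)',
sourceSummary => 'Drone Report', p0f_genre => 'Linux'
"""

RECORD_START = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+", re.M)
FIELD = re.compile(r"(\w+)\s*=>\s*(?:'([^']*)'|([^\s,']+))")

def parse_report(text):
    """Return de-duplicated (time, reported_ip, cc_ip, cc_port) sinkhole hits."""
    starts = list(RECORD_START.finditer(text))
    hits = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        fields = {k: q or bare for k, q, bare in FIELD.findall(text[m.end():end])}
        try:
            cc = ipaddress.IPv4Address(fields["cc"])
            port = int(fields["cc_port"])
        except (KeyError, ValueError):
            continue  # malformed record: never turn it into a policy line
        hit = (m.group(1), m.group(2), str(cc), port)
        if fields.get("subtype") == "sinkhole" and 0 < port < 65536 and hit not in hits:
            hits.append(hit)
    return hits

def exit_policy_lines(hits):
    """One torrc reject line per destination; other port-80 exits stay allowed."""
    return [f"ExitPolicy reject {cc}:{port}" for cc, port in sorted({h[2:] for h in hits})]

if __name__ == "__main__":
    print("\n".join(exit_policy_lines(parse_report(SAMPLE))))
```

Tor applies exit policy rules in order and the first match wins, so the generated lines belong above any `accept` rules in torrc.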

