On Tue, 22 May 2012 13:17:20 -0700 Mike Perry mikeperry@torproject.org allegedly wrote:
As of yet, no one has mentioned the port. Out of curiosity, is it included in the Reduced Exit Policy? https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
Mike
The port number reported was 80. My exit policy was restricted to 80 and 443 anyway. Interestingly (and confusingly) though, one report was for an attack on port 8080. But since the report gave this evidence:
"Destination: 10.15.116.34 (8080)
Content: os=185--technique=BES HTTP/1.1
Accept-Encoding: identity
Accept-Language: en-us,en;q=0.5
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: sqlmap/1.0-dev (r4997) (http://www.sqlmap.org)
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: 200.189.116.10
Pragma: no-cache
Cache-Control: no-cache,no-store"
and the address of the target is clearly an RFC1918 reserved net, I figured this host was behind some device doing NAT, possibly a web load balancer of some kind. Sort of (sadly) amusing though that the complainant didn't notice that they were accusing me of attacking an unrouteable network.......
Also, I think the right answer is a solution like https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates#SSHBrute... rather than blocking anything on the relay side.
Given the above, I doubt the capability of the complainant to implement such a strategy. Simpler just to complain to another ISP and get them to own the problem.
Yeah, this sucks. But hey, if you're forced to be a middle relay, you now have a lot of really super cheap options for bandwidth. You should consider shopping around. Bandwidth literally gets cheaper every year.
For example, last year, FDCservers was charging $600/mo for 1 Gbit dedicated. This year, they now provide a 10 Gbit line for that price!
FDC doesn't allow exits either, but the falling price points tell me you should seriously try to renegotiate price with your ISP (or just move elsewhere) if they are degrading your service by forcing you into non-exit.
Exit bandwidth is worth paying a premium for, because it does require more resources at the ISP's end in terms of occasional abuse noise. You could also try negotiating upwards if your ISP's prices are already competitive with FDC's for middle service. Something tells me they're not, though :).
I'm not in the market for a $600/month server. I'm a private individual paying for as much bandwidth as I can afford on a VPS dedicated to tor. I also provide a tails mirror on another VPS. But yes, I may now move to another provider. My current ISP seems no longer to want to support me.
Mick
---------------------------------------------------------------------
blog: baldric.net
fingerprint: E8D2 8882 F7AE DEB7 B2AA 9407 B9EA 82CC 1092 7423
---------------------------------------------------------------------
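An added example, not part of the original message: a small triage helper a relay operator could run over the evidence in an abuse report like the one quoted above, to pull out the facts worth citing in a reply (private destination, port against the exit policy, public Host header, client User-Agent). The function name `triage`, the one-field-per-line layout and the `EXIT_PORTS` constant are assumptions made for this sketch.

```python
import ipaddress
import re

# Sample input: fields from the evidence quoted in the message above,
# laid out one per line (the layout is an assumption of this example).
REPORT = """\
Destination: 10.15.116.34 (8080)
Content: os=185--technique=BES HTTP/1.1
Connection: close
User-Agent: sqlmap/1.0-dev (r4997) (http://www.sqlmap.org)
Host: 200.189.116.10
Pragma: no-cache
"""

EXIT_PORTS = {80, 443}  # the exit policy described in the message


def triage(report, exit_ports=EXIT_PORTS):
    """Return facts an operator can cite when answering an abuse report."""
    fields = {}
    for line in report.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()

    m = re.match(r"(\S+)\s*\((\d+)\)", fields.get("destination", ""))
    if not m:
        raise ValueError("no 'Destination: <ip> (<port>)' line in report")
    dest = ipaddress.ip_address(m.group(1))
    port = int(m.group(2))

    try:
        host_ip = ipaddress.ip_address(fields.get("host", "").split(":")[0])
    except ValueError:
        host_ip = None  # Host header carried a name, not an IPv4 address

    return {
        "destination": str(dest),
        "port": port,
        # RFC 1918 space is not routable from an exit relay over the Internet
        "destination_is_private": dest.is_private,
        "port_allowed_by_exit_policy": port in exit_ports,
        "public_host": str(host_ip) if host_ip and host_ip.is_global else None,
        # Private destination plus a different public Host: logged behind NAT or a proxy
        "logged_behind_nat": bool(host_ip and host_ip != dest and dest.is_private),
        "user_agent": fields.get("user-agent"),
    }
```

For the quoted report this flags the destination as private, the port as outside the 80/443 policy, and the Host header as the only publicly routable address in the evidence.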