Hi everybody,
my ISP keeps on receiving abuse reports from shadowserver.org. They claim that an IRC bot operates from the IP that belongs to my Tor exit.
The strange thing is that my exit policy only allows web and mail ports. Furthermore, the IPs of the shadowserver honeypots have a PTR entry for *.sinkhole.shadowserver.org.
So, I could block their servers either by means of the exit policy or with iptables. Which one would you prefer?
I additionally wanted to ask here if there is any experience with shadowserver in this regard?
Explaining the issue to my ISP failed. They keep on getting nervous.
Talking to shadowserver also failed, because subscription to their public mailing list is moderated and my direct mails have been ignored for several months now.
Any advice?
regards
Alex