On Sat, 4 Jun 2011 01:31:10 -0700 Mike Perry mikeperry@fscked.org wrote:
Thus spake Jesus Cea (jcea@jcea.es):
On 03/06/11 16:13, tagnaq wrote:
If one out of 1000 circuits through your relay is failing because you filter 443 while relaying 50Mbit/s I would find it acceptable, but I fear it is far more. Do you have any stats? (I'm not sure how to gather them.) Mike's opinion would also be very valuable on such topics.
If somebody can tell me where to look...
You likely need to tailor your iptables rules to also log when you reject these connections: http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-...
This is a *very* dangerous thing for *any* relay to do. Does iptables have support for ‘counters’?
P.P.S. Your ISP is really crazy.
I think ‘evil’ is more appropriate here -- on the other hand, ‘sufficiently advanced cluelessness is indistinguishable from malice’.
Have you thought about giving them a link to a torstatus directory of Tor IPs so they can feed it to their stupid IDS to whitelist for purposes of outgoing connections? We can probably induce torstatus to produce a csv of this IP set if it would help.
If, as Moritz Bartl said, his ISP's current Terms of Service for new customers explicitly prohibit Tor, they are likely to respond to this by making up an excuse to turn off his server completely.
Robert Ransom