On 8 Feb 2017, at 18:03, Andrew Deason adeason@dson.org wrote:
On Wed, 8 Feb 2017 15:09:47 +1100 Tor tor@xemurieh.co.uk wrote:
I don't ignore abuse reports, and I've found that Tor's boilerplate abuse templates almost always provide a good response. So it's just a matter of copying and pasting the relevant section and sending it to them.
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
Normally, yes sure, but this isn't some random place that's never heard of tor before. WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node. They used to include this in their automated reports:
====== Tor: Please note as the abuse from Tor has gotten out of hand, we do not give free passes to abuse coming from Tor exits. See the leader board linked below for more details on the issue. ======
And they even gave instructions for how to block ranges from individual exits: https://www.webiron.com/supporthome/view-article/32-blocking-traffic-from-tor-exit-nodes.html
(They no longer include this info in their reports, from what I can tell.)
But blocking ranges from individual exits doesn't seem useful to them at all; it's even counterproductive, since the attacks/abuse will use a different IP, bypassing their IP-based blacklist.
And it's wrong:
Tor attempts to find the closest exit node to the end point in attempts to speed up service. In most cases, because of this it is possible to curb abuse originating from the same places by blocking outbound traffic from just a few exit nodes.
And their firewall method is unhelpful, as it may get exits the BadExit flag:
There are a few ways exit traffic can be rejected:
• On the exit nodes themselves • Tor exit itself (see: https://www.torproject.org/docs/tor-manual.html.en re: "ExitPolicy policy,policy,…") • Local firewall (ie: IPTables/Windows firewall)
From my current conversation with them, they are aware of at least some suggested ways of blocking tor entirely, but claim some issues with doing so. (Something having to do with exit node IPs changing too frequently, making the existing methods useless.)
I am not sure if there are real technical limitations, or there is just a misunderstanding. Since I don't work with the technical details of tor in and out every day, I'm a little hesitant to be arguing with them about the various technical details, since I might get something wrong.
And of course, if there _are_ actual problems with the mechanisms of tor blacklisting, I can't do anything about it myself, and we have to play "telephone" with me reporting some issue second-hand or whatever.
They are probably using the wrong list, there are reliable lists maintained by Tor, as far as I know.
So... I was wondering if there's someone I should "pass off" to :)
Ask them to join tor-access@ and explain their issues?
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------