I run an exit node, and as such, I get abuse emails like this from time to time: https://lists.torproject.org/pipermail/tor-relays/2015-October/007982.html
Mostly I ignore them, but since their automated report contains the sentence "Please feel free to send us your comments or responses.", every so often I send something to complain about their practices. To my surprise, apparently somebody does actually read these because today I got a reply.
I'm not reproducing the entire response here without permission (they seem kinda touchy), but the person that replied did mention that they have some kind of rbl "in beta" regarding tor exits. They seemed to imply that doing so was quite a burden on them, though, which I don't really understand (IME blocking tor exits is easy; intentionally so).
I'm trying to keep the conversation going, but I was wondering if anyone from the tor project has tried to reach out to them in some kind of official way? I'm just some random guy, so I don't know if it would be preferable for someone more knowledgeable, or with more access to tor infrastructure, to be conversing with them. (e.g. teor)
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
On 8/02/2017 15:00, Andrew Deason wrote:
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
I don't ignore abuse reports, and I've found that Tor's boilerplate abuse templates almost always provide a good response. So it's just a matter of copying and pasting the relevant section and sending it to them.
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
To be honest I could automate the responses with a few scripts, but that would require setting up my own MTA and that's more hassle than is worth it. My exit nodes have a reduced exit policy, and with that I only get about one or two abuse reports a month, which is manageable manually. I'd imagine the ones who operate exit nodes with no restrictions probably get a fair few more notices.
On Wed, 8 Feb 2017 15:09:47 +1100 Tor tor@xemurieh.co.uk wrote:
I don't ignore abuse reports, and I've found that Tor's boilerplate abuse templates almost always provide a good response. So it's just a matter of copying and pasting the relevant section and sending it to them.
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
Normally, yes sure, but this isn't some random place that's never heard of tor before. WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node. They used to include this in their automated reports:
====== Tor: Please note as the abuse from Tor has gotten out of hand, we do not give free passes to abuse coming from Tor exits. See the leader board linked below for more details on the issue. ======
And they even gave instructions for how to block ranges from individual exits: https://www.webiron.com/supporthome/view-article/32-blocking-traffic-from-tor-exit-nodes.html
(They no longer include this info in their reports, from what I can tell.)
But blocking ranges from individual exits doesn't seem useful to them at all; it's even counterproductive, since the attacks/abuse will use a different IP, bypassing their IP-based blacklist.
From my current conversation with them, they are aware of at least some
suggested ways of blocking tor entirely, but claim some issues with doing so. (Something having to do with exit node IPs changing too frequently, making the existing methods useless.)
I am not sure if there are real technical limitations, or there is just a misunderstanding. Since I don't work with the technical details of tor in and out every day, I'm a little hesitant to be arguing with them about the various technical details, since I might get something wrong.
And of course, if there _are_ actual problems with the mechanisms of tor blacklisting, I can't do anything about it myself, and we have to play "telephone" with me reporting some issue second-hand or whatever.
So... I was wondering if there's someone I should "pass off" to :)
All,
I will be blunt and say that I simply ignore them. athey are fully aware of what Tor is, have been told by me and other operators how to block exit nodes and explain that we are simply a conduit.
I am not ignoring them out of spite, but frankly it is tiring to be redundant. I get about 40 or so abuse emails a day and I take the time to respond to them personally unless I'm being spammed, as that's how I see it when all of my emails have been ignored when I respond to them. I prefer not to automate my responses as I find it cold.
John
On Feb 8, 2017, at 01:19, Andrew Deason adeason@dson.org wrote:
On Wed, 8 Feb 2017 15:09:47 +1100 Tor tor@xemurieh.co.uk wrote:
I don't ignore abuse reports, and I've found that Tor's boilerplate abuse templates almost always provide a good response. So it's just a matter of copying and pasting the relevant section and sending it to them.
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
Normally, yes sure, but this isn't some random place that's never heard of tor before. WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node. They used to include this in their automated reports:
====== Tor: Please note as the abuse from Tor has gotten out of hand, we do not give free passes to abuse coming from Tor exits. See the leader board linked below for more details on the issue. ======
And they even gave instructions for how to block ranges from individual exits: https://www.webiron.com/supporthome/view-article/32-blocking-traffic-from-tor-exit-nodes.html
(They no longer include this info in their reports, from what I can tell.)
But blocking ranges from individual exits doesn't seem useful to them at all; it's even counterproductive, since the attacks/abuse will use a different IP, bypassing their IP-based blacklist.
From my current conversation with them, they are aware of at least some suggested ways of blocking tor entirely, but claim some issues with doing so. (Something having to do with exit node IPs changing too frequently, making the existing methods useless.)
I am not sure if there are real technical limitations, or there is just a misunderstanding. Since I don't work with the technical details of tor in and out every day, I'm a little hesitant to be arguing with them about the various technical details, since I might get something wrong.
And of course, if there _are_ actual problems with the mechanisms of tor blacklisting, I can't do anything about it myself, and we have to play "telephone" with me reporting some issue second-hand or whatever.
So... I was wondering if there's someone I should "pass off" to :)
-- Andrew Deason adeason@dson.org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 8 Feb 2017, at 18:03, Andrew Deason adeason@dson.org wrote:
On Wed, 8 Feb 2017 15:09:47 +1100 Tor tor@xemurieh.co.uk wrote:
I don't ignore abuse reports, and I've found that Tor's boilerplate abuse templates almost always provide a good response. So it's just a matter of copying and pasting the relevant section and sending it to them.
https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
Normally, yes sure, but this isn't some random place that's never heard of tor before. WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node. They used to include this in their automated reports:
====== Tor: Please note as the abuse from Tor has gotten out of hand, we do not give free passes to abuse coming from Tor exits. See the leader board linked below for more details on the issue. ======
And they even gave instructions for how to block ranges from individual exits: https://www.webiron.com/supporthome/view-article/32-blocking-traffic-from-tor-exit-nodes.html
(They no longer include this info in their reports, from what I can tell.)
But blocking ranges from individual exits doesn't seem useful to them at all; it's even counterproductive, since the attacks/abuse will use a different IP, bypassing their IP-based blacklist.
And it's wrong:
Tor attempts to find the closest exit node to the end point in attempts to speed up service. In most cases, because of this it is possible to curb abuse originating from the same places by blocking outbound traffic from just a few exit nodes.
And their firewall method is unhelpful, as it may get exits the BadExit flag:
There are a few ways exit traffic can be rejected:
• On the exit nodes themselves • Tor exit itself (see: https://www.torproject.org/docs/tor-manual.html.en re: "ExitPolicy policy,policy,…") • Local firewall (ie: IPTables/Windows firewall)
From my current conversation with them, they are aware of at least some suggested ways of blocking tor entirely, but claim some issues with doing so. (Something having to do with exit node IPs changing too frequently, making the existing methods useless.)
I am not sure if there are real technical limitations, or there is just a misunderstanding. Since I don't work with the technical details of tor in and out every day, I'm a little hesitant to be arguing with them about the various technical details, since I might get something wrong.
And of course, if there _are_ actual problems with the mechanisms of tor blacklisting, I can't do anything about it myself, and we have to play "telephone" with me reporting some issue second-hand or whatever.
They are probably using the wrong list, there are reliable lists maintained by Tor, as far as I know.
So... I was wondering if there's someone I should "pass off" to :)
Ask them to join tor-access@ and explain their issues?
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
On Wed, 8 Feb 2017 18:22:33 +1100 teor teor2345@gmail.com wrote:
On 8 Feb 2017, at 18:03, Andrew Deason adeason@dson.org wrote:
And they even gave instructions for how to block ranges from individual exits: https://www.webiron.com/supporthome/view-article/32-blocking-traffic-from-tor-exit-nodes.html
[...]
And it's wrong:
Tor attempts to find the closest exit node to the end point in attempts to speed up service. In most cases, because of this it is possible to curb abuse originating from the same places by blocking outbound traffic from just a few exit nodes.
Just to be clear for the archives etc, I believe you are quoting text from that page, and that text is incorrect. Tor doesn't choose exits that way (unless a user specifically chooses a set of exits near the target or something); that would be silly.
From my current conversation with them, they are aware of at least some suggested ways of blocking tor entirely, but claim some issues with doing so. (Something having to do with exit node IPs changing too frequently, making the existing methods useless.)
I am not sure if there are real technical limitations, or there is just a misunderstanding. Since I don't work with the technical details of tor in and out every day, I'm a little hesitant to be arguing with them about the various technical details, since I might get something wrong.
And of course, if there _are_ actual problems with the mechanisms of tor blacklisting, I can't do anything about it myself, and we have to play "telephone" with me reporting some issue second-hand or whatever.
They are probably using the wrong list, there are reliable lists maintained by Tor, as far as I know.
As far as I can tell, the specific complaint here was that TorDNSEL caches results for 30 minutes; I can see the results indeed give a TTL of 30 minutes. You can just ignore the TTL though, but maybe they were also (allegedly) seeing the information itself be 30 minutes stale. I don't know.
Anyway, so the claim (I think) is that the TorDNSEL data would be out of date, and they would block based on that, so they would be missing some. Attackers would then try running their exploit repeatedly until they found an exit that works; and since (they claim) tor exit IPs change so frequently, this would always be a problem. (Even if all of this were true, how this is any better at all from having individual exits block the target ranges via ExitPolicy from their automated reports is beyond me.)
It also seems like a service like theirs wouldn't be using TorDNSEL, but instead maybe doing something parsed from consensus itself, but that's just me.
So... I was wondering if there's someone I should "pass off" to :)
Ask them to join tor-access@ and explain their issues?
Yeah, I hadn't seen your other message when I sent this. It seems doubtful to get them to participate in that, but it's a good pointer to provide, and I'm at least glad that I now know about that list. So, thanks :)
On 10 Feb 2017, at 13:13, Andrew Deason adeason@dson.org wrote:
From my current conversation with them, they are aware of at least some suggested ways of blocking tor entirely, but claim some issues with doing so. (Something having to do with exit node IPs changing too frequently, making the existing methods useless.)
I am not sure if there are real technical limitations, or there is just a misunderstanding. Since I don't work with the technical details of tor in and out every day, I'm a little hesitant to be arguing with them about the various technical details, since I might get something wrong.
And of course, if there _are_ actual problems with the mechanisms of tor blacklisting, I can't do anything about it myself, and we have to play "telephone" with me reporting some issue second-hand or whatever.
They are probably using the wrong list, there are reliable lists maintained by Tor, as far as I know.
As far as I can tell, the specific complaint here was that TorDNSEL caches results for 30 minutes; I can see the results indeed give a TTL of 30 minutes. You can just ignore the TTL though, but maybe they were also (allegedly) seeing the information itself be 30 minutes stale. I don't know.
Anyway, so the claim (I think) is that the TorDNSEL data would be out of date, and they would block based on that, so they would be missing some. Attackers would then try running their exploit repeatedly until they found an exit that works; and since (they claim) tor exit IPs change so frequently, this would always be a problem. (Even if all of this were true, how this is any better at all from having individual exits block the target ranges via ExitPolicy from their automated reports is beyond me.)
It also seems like a service like theirs wouldn't be using TorDNSEL, but instead maybe doing something parsed from consensus itself, but that's just me.
Consensuses only come out every hour, and almost all tor clients wait at least another hour before downloading them, so they have a head start.
But no wonder they are having trouble if they are just using the consensus: it only contains ORPort/DirPort IP addresses.
And Exits are free to use another IP as their OutboundBindAddress, so some of the Tor exit lists check by actually making a connection through the Exit.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
On Fri, 10 Feb 2017 14:41:17 +1100 teor teor2345@gmail.com wrote:
But no wonder they are having trouble if they are just using the consensus: it only contains ORPort/DirPort IP addresses.
No no, that was just me thinking about how they could/should go about it. I just meant, some form of downloading the entire list, instead of checking one-by-one via TorDNSEL.
If the consensus doc shouldn't be used for this, what should? Just https://check.torproject.org/exit-addresses? I assumed lists like these were gathered from network-status-consensus or something.
And Exits are free to use another IP as their OutboundBindAddress, so some of the Tor exit lists check by actually making a connection through the Exit.
Are these not advertised anywhere, and not reflected in TorDNSEL/exit-addresses? Is the only way to get a "real" list of exit IPs then to connect through each exit? If so, that indeed is much more cumbersome than I thought.
On Fri, Feb 10, 2017 at 02:36:30AM -0600, Andrew Deason wrote:
No no, that was just me thinking about how they could/should go about it. I just meant, some form of downloading the entire list, instead of checking one-by-one via TorDNSEL.
If the consensus doc shouldn't be used for this, what should? Just https://check.torproject.org/exit-addresses? I assumed lists like these were gathered from network-status-consensus or something.
You want the bulk exit list script:
https://check.torproject.org/cgi-bin/TorBulkExitList.py
For example,
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=128.31.0.39&p...
--Roger
On Fri, 10 Feb 2017 04:22:46 -0500 Roger Dingledine arma@mit.edu wrote:
On Fri, Feb 10, 2017 at 02:36:30AM -0600, Andrew Deason wrote:
No no, that was just me thinking about how they could/should go about it. I just meant, some form of downloading the entire list, instead of checking one-by-one via TorDNSEL.
If the consensus doc shouldn't be used for this, what should? Just https://check.torproject.org/exit-addresses? I assumed lists like these were gathered from network-status-consensus or something.
You want the bulk exit list script:
https://check.torproject.org/cgi-bin/TorBulkExitList.py
For example,
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=128.31.0.39&p...
That only works for a specific ip/port endpoint; I was wondering how to get a list of all potential exits (say, everything with the Exit flag). It seems like a service like WebIron may try to protect so many endpoints that repeatedly querying TorBulkExitList.py for every single one is impractical.
TorBulkExitList.py links to https://check.torproject.org/exit-addresses, though, which is why I asked about that.
On 08.02.2017 08:03, Andrew Deason wrote:
WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node.
I have had an e-mail conversation with a Webiron employee. I don't want to give details without permission, but in a nutshell, this was what I understood:
Webiron is indeed completely aware of what Tor is. Webiron thinks that the abuse via Tor outweighs privacy concerns. Webiron is unwilling to exclude Tor exits from their automated checks, and is also unwilling to mitigate the perceived problem on their end.
I'd like to add that the tone of the e-mails I received was quite aggressive, threatening "blocking your whole business". I pointed out this mailing list, but I have not heard any feedback beyond that.
After several months of automated complaints, I feel that I have not much choice, and I am now ignoring Webiron completely.
-Ralph
So less than 24 hours after the previous post and someone, mysteriously, subscribed the abuse mailbox to > 2,000 newsletters.. Of course I do not have proof nor am interested on who’s behind this and it didn’t cause any bad, just good (gave me plenty of data to research). Also, it seems every time I tweet about Web Iron, more e-mails arrive. The people behind this “attack” didn’t even bother to hide their IPs.. I thought they could use Tor to at least make me think Tor is evil and bad and I should block it.. :-)
Anyways.. Yeah.. Web Iron seems aggressive in their replies.
Antonios
On 08 Feb 2017, at 16:42, Ralph Seichter tor-relays-ml@horus-it.de wrote:
On 08.02.2017 08:03, Andrew Deason wrote:
WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node.
I have had an e-mail conversation with a Webiron employee. I don't want to give details without permission, but in a nutshell, this was what I understood:
Webiron is indeed completely aware of what Tor is. Webiron thinks that the abuse via Tor outweighs privacy concerns. Webiron is unwilling to exclude Tor exits from their automated checks, and is also unwilling to mitigate the perceived problem on their end.
I'd like to add that the tone of the e-mails I received was quite aggressive, threatening "blocking your whole business". I pointed out this mailing list, but I have not heard any feedback beyond that.
After several months of automated complaints, I feel that I have not much choice, and I am now ignoring Webiron completely.
-Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 02/08/2017 11:25 AM, DaKnOb wrote:
So less than 24 hours after the previous post and someone, mysteriously, subscribed the abuse mailbox to > 2,000 newsletters.. Of course I do not have proof nor am interested on who’s behind this and it didn’t cause any bad, just good (gave me plenty of data to research). Also, it seems every time I tweet about Web Iron, more e-mails arrive. The people behind this “attack” didn’t even bother to hide their IPs.. I thought they could use Tor to at least make me think Tor is evil and bad and I should block it.. :-)
How many IPs? That behavior screams "botnet" to me :)
Anyways.. Yeah.. Web Iron seems aggressive in their replies.
Antonios
On 08 Feb 2017, at 16:42, Ralph Seichter tor-relays-ml@horus-it.de wrote:
On 08.02.2017 08:03, Andrew Deason wrote:
WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node.
I have had an e-mail conversation with a Webiron employee. I don't want to give details without permission, but in a nutshell, this was what I understood:
Webiron is indeed completely aware of what Tor is. Webiron thinks that the abuse via Tor outweighs privacy concerns. Webiron is unwilling to exclude Tor exits from their automated checks, and is also unwilling to mitigate the perceived problem on their end.
I'd like to add that the tone of the e-mails I received was quite aggressive, threatening "blocking your whole business". I pointed out this mailing list, but I have not heard any feedback beyond that.
After several months of automated complaints, I feel that I have not much choice, and I am now ignoring Webiron completely.
-Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Two IPs in the US, one is FiOS.. I'm thinking they didn't even bother to hide, but that may be the case, sure. The FiOS IP is static.
On 9 Feb 2017, at 08:19, Mirimir mirimir@riseup.net wrote:
On 02/08/2017 11:25 AM, DaKnOb wrote: So less than 24 hours after the previous post and someone, mysteriously, subscribed the abuse mailbox to > 2,000 newsletters.. Of course I do not have proof nor am interested on who’s behind this and it didn’t cause any bad, just good (gave me plenty of data to research). Also, it seems every time I tweet about Web Iron, more e-mails arrive. The people behind this “attack” didn’t even bother to hide their IPs.. I thought they could use Tor to at least make me think Tor is evil and bad and I should block it.. :-)
How many IPs? That behavior screams "botnet" to me :)
Anyways.. Yeah.. Web Iron seems aggressive in their replies.
Antonios
On 08 Feb 2017, at 16:42, Ralph Seichter tor-relays-ml@horus-it.de wrote:
On 08.02.2017 08:03, Andrew Deason wrote:
WebIron is well aware of what tor is, and they seem to have an issue with the tor network in general, not my specific node.
I have had an e-mail conversation with a Webiron employee. I don't want to give details without permission, but in a nutshell, this was what I understood:
Webiron is indeed completely aware of what Tor is. Webiron thinks that the abuse via Tor outweighs privacy concerns. Webiron is unwilling to exclude Tor exits from their automated checks, and is also unwilling to mitigate the perceived problem on their end.
I'd like to add that the tone of the e-mails I received was quite aggressive, threatening "blocking your whole business". I pointed out this mailing list, but I have not heard any feedback beyond that.
After several months of automated complaints, I feel that I have not much choice, and I am now ignoring Webiron completely.
-Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 8 Feb 2017 15:42:21 +0100 Ralph Seichter tor-relays-ml@horus-it.de wrote:
I'd like to add that the tone of the e-mails I received was quite aggressive, threatening "blocking your whole business".
Yes, I left this out of my own report, but this is similar to my own experience. However, since I wasn't expecting anyone to actually read it, my initial response to their automated report admittedly wasn't very friendly. I feel a little bad about that, but I did cool off once I saw I was actually talking to a human.
And that's the other reason I feel dumping these off on someone else can be helpful if possible: trying to keep a civil technical conversation going in the face of aggression can be draining.
On 8 Feb 2017, at 15:00, Andrew Deason adeason@dson.org wrote:
I run an exit node, and as such, I get abuse emails like this from time to time: https://lists.torproject.org/pipermail/tor-relays/2015-October/007982.html
Mostly I ignore them, but since their automated report contains the sentence "Please feel free to send us your comments or responses.", every so often I send something to complain about their practices. To my surprise, apparently somebody does actually read these because today I got a reply.
I'm not reproducing the entire response here without permission (they seem kinda touchy), but the person that replied did mention that they have some kind of rbl "in beta" regarding tor exits. They seemed to imply that doing so was quite a burden on them, though, which I don't really understand (IME blocking tor exits is easy; intentionally so).
I'm trying to keep the conversation going, but I was wondering if anyone from the tor project has tried to reach out to them in some kind of official way? I'm just some random guy, so I don't know if it would be preferable for someone more knowledgeable, or with more access to tor infrastructure, to be conversing with them. (e.g. teor)
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
I'd be happy to talk to them, but perhaps the tor-access list is the best forum: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-access
I'd be willing to discuss their goals and how they could achieve them, and help them understand the collateral damage resulting from blocking the entire tor network.
(And the likely impact on networks with few IPv4 addresses, which tend to be in areas with lower levels of network access: typically poorer areas and less well developed countries.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
On 8 Feb 2017, at 17:59, niftybunny abuse@to-surf-and-protect.net wrote:
(And the likely impact on networks with few IPv4 addresses, which tend to be in areas with lower levels of network access: typically poorer areas and less well developed countries.)
*citation needed
Just compare the MIT IPv4 address allocations to those for many Asian countries. [original research]
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
South Korea and many many other Asian countries like Japan will blow you out of the water with bw, coverage and usage of the interwebs. Just because you were lucky to start the internet and get the most class a and b networks doesnt mean that countries with a hugs IPv6 coverage are 3th world countries. If you like IPv6 or not, its the future and it will fuck you up if you ignore it long enough.
Source: Me CCNP
niftybunny abuse@to-surf-and-protect.net
On 8 Feb 2017, at 08:01, teor teor2345@gmail.com wrote:
On 8 Feb 2017, at 17:59, niftybunny abuse@to-surf-and-protect.net wrote:
(And the likely impact on networks with few IPv4 addresses, which tend to be in areas with lower levels of network access: typically poorer areas and less well developed countries.)
*citation needed
Just compare the MIT IPv4 address allocations to those for many Asian countries. [original research]
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 8 Feb 2017 17:55:34 +1100 teor teor2345@gmail.com wrote:
I'd be happy to talk to them, but perhaps the tor-access list is the best forum: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-access
I'd be willing to discuss their goals and how they could achieve them, and help them understand the collateral damage resulting from blocking the entire tor network.
I think this is clear from the rest of the thread, but just to mention it here: they seem well beyond trying to let tor users in via captchas or other such solutions like you're discussing with cloudflare etc. They seem to be of the opinion that just blocking tor is impractical, so I wouldn't have much hope in trying to get them to do anything more.
I am giving them your contact info and that list, though, so if they ever reach out, you are welcome to try :)
Incidentally yesterday I published a blog post featuring them and why their abuse e-mails are plain spam:
https://blog.daknob.net/security-companies-and-abuse-e-mails/ https://blog.daknob.net/security-companies-and-abuse-e-mails/
On 08 Feb 2017, at 06:00, Andrew Deason adeason@dson.org wrote:
I run an exit node, and as such, I get abuse emails like this from time to time: https://lists.torproject.org/pipermail/tor-relays/2015-October/007982.html
Mostly I ignore them, but since their automated report contains the sentence "Please feel free to send us your comments or responses.", every so often I send something to complain about their practices. To my surprise, apparently somebody does actually read these because today I got a reply.
I'm not reproducing the entire response here without permission (they seem kinda touchy), but the person that replied did mention that they have some kind of rbl "in beta" regarding tor exits. They seemed to imply that doing so was quite a burden on them, though, which I don't really understand (IME blocking tor exits is easy; intentionally so).
I'm trying to keep the conversation going, but I was wondering if anyone from the tor project has tried to reach out to them in some kind of official way? I'm just some random guy, so I don't know if it would be preferable for someone more knowledgeable, or with more access to tor infrastructure, to be conversing with them. (e.g. teor)
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
-- Andrew Deason adeason@dson.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hear, hear!
On Feb 8, 2017, at 02:06, DaKnOb <daknob@daknob.netmailto:daknob@daknob.net> wrote:
Incidentally yesterday I published a blog post featuring them and why their abuse e-mails are plain spam:
https://blog.daknob.net/security-companies-and-abuse-e-mails/
On 08 Feb 2017, at 06:00, Andrew Deason <adeason@dson.orgmailto:adeason@dson.org> wrote:
I run an exit node, and as such, I get abuse emails like this from time to time: https://lists.torproject.org/pipermail/tor-relays/2015-October/007982.html
Mostly I ignore them, but since their automated report contains the sentence "Please feel free to send us your comments or responses.", every so often I send something to complain about their practices. To my surprise, apparently somebody does actually read these because today I got a reply.
I'm not reproducing the entire response here without permission (they seem kinda touchy), but the person that replied did mention that they have some kind of rbl "in beta" regarding tor exits. They seemed to imply that doing so was quite a burden on them, though, which I don't really understand (IME blocking tor exits is easy; intentionally so).
I'm trying to keep the conversation going, but I was wondering if anyone from the tor project has tried to reach out to them in some kind of official way? I'm just some random guy, so I don't know if it would be preferable for someone more knowledgeable, or with more access to tor infrastructure, to be conversing with them. (e.g. teor)
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
-- Andrew Deason adeason@dson.orgmailto:adeason@dson.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.orgmailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.orgmailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi all,
@DaKnOb - read the article - nice.
I was in contact with Webiron maby 1.5 years ago - with a guy who claimed to be the CTO. Frankly sometimes it felt if the whole thing is a one man show.
However after a 2 days mail conversation where he was not behaving very appropriate I finally managed to get on their SPAM ignore list.
Since then it is quite. We react to automated mails by automated mails mentioning if the problem persits please contact another address. Therefore only the important stuff gets through.
Writing to Webiron is a 100% wast of time. I offered him to look at them regarding their big problems with tor - but nothing came ever back. They are just complaining - reasoning won't help.
Save you time for more important stuff.
best regards
Dirk
On 08.02.2017 08:59, DaKnOb wrote:
Incidentally yesterday I published a blog post featuring them and why their abuse e-mails are plain spam:
https://blog.daknob.net/security-companies-and-abuse-e-mails/
On 08 Feb 2017, at 06:00, Andrew Deason <adeason@dson.org mailto:adeason@dson.org> wrote:
I run an exit node, and as such, I get abuse emails like this from time to time: https://lists.torproject.org/pipermail/tor-relays/2015-October/007982.html
Mostly I ignore them, but since their automated report contains the sentence "Please feel free to send us your comments or responses.", every so often I send something to complain about their practices. To my surprise, apparently somebody does actually read these because today I got a reply.
I'm not reproducing the entire response here without permission (they seem kinda touchy), but the person that replied did mention that they have some kind of rbl "in beta" regarding tor exits. They seemed to imply that doing so was quite a burden on them, though, which I don't really understand (IME blocking tor exits is easy; intentionally so).
I'm trying to keep the conversation going, but I was wondering if anyone from the tor project has tried to reach out to them in some kind of official way? I'm just some random guy, so I don't know if it would be preferable for someone more knowledgeable, or with more access to tor infrastructure, to be conversing with them. (e.g. teor)
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
-- Andrew Deason adeason@dson.org mailto:adeason@dson.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I'd like to mention a few additional things:
Firstly if you look at the source code of their mail, then you will find that the image is hosted at a unique URL. Automatically loading the image will let them know that you opened the mail. They also publish this info in their abuse feed e.g.:
https://www.webiron.com/abuse_feed/
E-Mail Action: opened 2017-02-11 19:20:24.804194-07 abuse ATH us.leaseweb.com Host has opened and viewed report
Then they also have a twitter bot which tweets nonsensical info into the www - https://twitter.com/webironbots
And lastly I tried to reply to one of their emails, but my mails are being rejected at their mx, even though the torexit and my mx are on different IPs. I inquired via their support-form and I received a very hostile reply (just like everyone else here) that my AS couldn't be trusted. So they rather block the whole AS on their mx (but they can't just block tor-exits????)
On 08.02.2017 08:59 AM, DaKnOb wrote:
Incidentally yesterday I published a blog post featuring them and why their abuse e-mails are plain spam:
https://blog.daknob.net/security-companies-and-abuse-e-mails/
On 08 Feb 2017, at 06:00, Andrew Deason adeason@dson.org wrote:
I run an exit node, and as such, I get abuse emails like this from time to time:
https://lists.torproject.org/pipermail/tor-relays/2015-October/007982.html
Mostly I ignore them, but since their automated report contains the sentence "Please feel free to send us your comments or responses.", every so often I send something to complain about their practices. To my surprise, apparently somebody does actually read these because today I got a reply.
I'm not reproducing the entire response here without permission (they seem kinda touchy), but the person that replied did mention that they have some kind of rbl "in beta" regarding tor exits. They seemed to imply that doing so was quite a burden on them, though, which I don't really understand (IME blocking tor exits is easy; intentionally so).
I'm trying to keep the conversation going, but I was wondering if anyone from the tor project has tried to reach out to them in some kind of official way? I'm just some random guy, so I don't know if it would be preferable for someone more knowledgeable, or with more access to tor infrastructure, to be conversing with them. (e.g. teor)
I assume some people will say this isn't even worth the effort; it's not like it's hard to just ignore those reports. But it doesn't take much effort to just try to talk ot them, and it perhaps helps to give tor a reputation of cooperation and helpfulness.
-- Andrew Deason adeason@dson.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Andrew Deason -
DaKnOb -
Dirk Eschbach -
John Ricketts -
Mirimir -
niftybunny -
Ralph Seichter -
Roger Dingledine -
Schokomilch NOC -
teor -
Tor