Thanks for keeping us updated. If you ever need money for legal fees, a support campaign, or anything like that: let me know. I can round up a lot of assistance through BinaryFreedom and the Anarchist Black Cross. Comrade Ringo Kamens Armed Division, 35th Parallel
On Feb 20, 2008 11:22 AM, Tom Hek <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello fellow Tor relay admins, > > I run several Tor relays on residential DSL connections. This morning my > dad called me, telling me that my ISP had disconnected us from the > Internet because of a Trojan running on my systems (I wasn't at home at > that moment ;)). They had received a abuse complainant that one of my > boxes on this DSL connection was on a botnet. > > I checked the timestamp of the log they sended to me with the uptime of > the computers. Only the computer that was running a Tor node was online. > It was pretty obvious that the botnet connections were coming from this > box. The box was clean, had no rootkits installed or other malicious > software, so it was Tor, relaying a connection for a bot. > > My ISP didn't knew what Tor was and asked if "that Tor" logged the > connections that were running through it. I told them Tor was an > anonymity system so it doesn't keep any logs of the traffic that's going > through it. They were confused, they told me that every decent Tor relay > keeps a log of the connections running through it. > > I'm living in The Netherlands, running this Tor node on the ISP XS4ALL. > XS4ALL is one of the ISP's with the most knowledge of the internet and > the things happening on the internet. I'm pretty shocked that they > didn't knew about Tor. I want to alert all the Tor relay admins that are > running Tor nodes on a connection from XS4ALL to be prepared to get > disconnected, because they think there is a trojan or rootkit running on > your system.. > > XS4ALL restored the DSL line but I had to promise that it wouldn't > happen again.. > > Tom Hek > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAke8U7wACgkQStmJ9+mkUHNdigCdGxiIcOqMjD2jThp03KmlVP8x > s0YAnRRECJrxX/XiGIrg/fJpiadsYYKQ > =n7vE > -----END PGP SIGNATURE----- >