Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 M wrote: (snip) One of my friend works at national isp, he warned me in advance that they may cut off my adsl connection if I don't fix Tor (filter out abusive traffic which is impossible or make it middle-man only). (snip) While this is the pits, it's better to go middleman than to shut down completely. =:o) (Sorry, I'm a compulsive silver-lining-seeker =xoD ) - -- F. Fox AAS, CompTIA A+/Network+/Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR8IF/ej8TXmm2ggwAQgf1RAAi31Rn086FTSC1N3tJJK28jrvgyMU6Fdh Avl6sxM4q3pmLv7dLcNxYjXaBNKWxrimfL8KSbuOFbKZ73pER+I7mXbnJ7oQ7pGs d/OZJOylF5rtXpqjFS2Dfp+LgesTY1a0s8hrJMbLIb4MTSQtn0Ubm9Hqm9VynKNa jRsKzH271fjRRMp9ChkijQYRl6ExhJ2Ro9OP9rfdX3u0He9+GQBL/yTMzP1pPM6+ X7Am05t6dbt1hZEARLlMUguWaSLesPSpmQ1VunZgwwZ/tv1jcnL426rIUqZLeoyP 0fEFgSFuIsmwITV+MmGzgPbMsn1K8CzFsX0beulQ6+HYlJOLYy5Py/pjUXK9H+qJ o2wHjRNybCDJKlt6e12A+9IE8HW1GZqXu186E/uM10HgMtIUPy+AU0sFDJIrNBC5 zfiIWfQaGcG7B++lM/jVUwTEFeBVz11TeVd8z7SOZ8b/GrxR6o4K4UaxEZgm11nx wL3g4ELJ+LYjF6V59c0UM7RUm6DbgaFI0XFDFhVS51lQB+XrzgTwgD0dGA9S5xSk uOkMb6bj2jnCklYNHh+Kd9ywqEuE1HtHtM3Pz6EIkT2TcN6aGls9z/jvGtyGgI6N z5A3AJfRlXzB1ZRhc3ffZdfANs5Hwprv9Fu4B8miOIwif2JxHR/h7ujSfconFXoP 4iJSYTjJ+tY= =bHRI -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
Tom Hek wrote: This morning is a friend of mine also was disconnected from the internet because XS4ALL thinks there is a Trojan running on his system. He also runs Tor on his system.. I'll keep you guys posted. This also happened to me and at least one other person. In my case it was because of trojan activity on IRC. I was using the default Tor exit policy at that time, which, as it turns out, isn't restrictive enough. XS4ALL told me that it's OK to run a non-exit node, which I'm running now. There's a number of other non-exit nodes in XS4LL IP space, including the node of one of the XS4ALL founders, so running a non-exit node seems to be fine.
Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This also happened to me and at least one other person. In my case it was because of trojan activity on IRC. I was using the default Tor exit policy at that time, which, as it turns out, isn't restrictive enough. XS4ALL told me that it's OK to run a non-exit node, which I'm running now. There's a number of other non-exit nodes in XS4LL IP space, including the node of one of the XS4ALL founders, so running a non-exit node seems to be fine. Yep, I'm going to run a non-exit node too.. But I really want to run an exit node and I really don't like it that XS4ALL is filtering me because of that.. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfAuZQACgkQStmJ9+mkUHOLxgCeN+qGK8bQcks2D6UeSc7/JlD+ iocAmgPEErvneSB7FW2GQtbCFZWkDr5X =iIpf -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
Tom Hek wrote: This also happened to me and at least one other person. In my case it was because of trojan activity on IRC. I was using the default Tor exit policy at that time, which, as it turns out, isn't restrictive enough. XS4ALL told me that it's OK to run a non-exit node, which I'm running now. There's a number of other non-exit nodes in XS4LL IP space, including the node of one of the XS4ALL founders, so running a non-exit node seems to be fine. Yep, I'm going to run a non-exit node too.. But I really want to run an exit node and I really don't like it that XS4ALL is filtering me because of that.. They aren't filtering Tor exit nodes, but they check for bad traffic coming from their IP space (spam, trojans, viruses, cracking, ...). With a Tor exit node, that will happen sooner or later.
Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This morning is a friend of mine also was disconnected from the internet because XS4ALL thinks there is a Trojan running on his system. He also runs Tor on his system.. I'll keep you guys posted. Tom Hek -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAke+3MgACgkQStmJ9+mkUHNf3gCfa41UW6btIZ0ON9yogJV3bE3f myIAnj3fFa8XQgvnJ5YaMn4ry5GqfmUJ =t9bu -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tom Hek wrote: This morning is a friend of mine also was disconnected from the internet because XS4ALL thinks there is a Trojan running on his system. He also runs Tor on his system.. I'll keep you guys posted. Tom Hek At the risk of sounding rash and impulsive, I'll venture to say that a little bit of education here, could go a long way - I think the ISP folks need it. - -- F. Fox AAS, CompTIA A+/Network+/Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR78spOj8TXmm2ggwAQg1sw/+MYjYZMZqZteIwg1RTLADA075IN2dsfjd XZhUcmtOExBbsv253/Ev0HrKROx1cDDwuHOqvREPqmUShPLN51F/xCdius5JzdJ6 rBCg856zCEYtviNpnwLoIOj2sB5xRDMt5VjGYF+WKwgzVpJ8YReXTwvp2LV3qOds YQbc5AXgFmN+V240eZ1RUnJw6XPU6W+3UBpC8haoYZ/GbrJuUxkyQYX+QHqKNPzn pUvsnlXC+iXgJJhCylsey7cKB2kHmvs5ncnIUpx9yKSIUU6Tp58rU6281oAnrGpM 7Xqs9+nKpY3uMefXKkvaU+XAHN3UIUJqjKza4eC5l0NCLHiPRjZ6QZXyXQp6sWza CF2vDanxwjsoGwKRisMtRNQlhtSugH5m8xDvyxTvu4j8iJpHzCH1qb8kX0GPHQmG b+Uzv8gO9rZqv8HotzlU8FNofdatelvts7Ws02PKDETpXkdBTDIZV4j5779QZiyJ /eKfrajhDrUhnUMqPSOQ9StM9FOjaSCvrTAmhXRoMpEoR2CT4Zj9x7i071O/XfjS iXFYSEkQQH2CnW7nKVpiBHmJpILj85RFZ+rUgKLwrhVhdMC/0bMqY+Kg6xyQVkSd SF2cYBi2JD3rV6Q+VjnY6BagTpM1seKUSybaGApHv/eJ9qhYXnTtbNn24Wnob+RN 9h5Up5gTvhA= =7NzN -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 F. Fox wrote: At the risk of sounding rash and impulsive, I'll venture to say that a little bit of education here, could go a long way - I think the ISP folks need it. You are totally right. The strangest thing is that XS4ALL is a ISP that stands for freedom of speech, anti-censorship, protection of the privacy of their customers, etc. And they don't know Tor. I thought XS4ALL was one of the best ISP's in The Netherlands to run a Tor node, but that assumption was totally wrong.. Because this is the second line closed down @ XS4ALL all my Tor nodes are offline now.. Don't want to take the risk to get disconnected again.. Tom Hek -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAke/LigACgkQStmJ9+mkUHNseACfc57XcSu6lAKNCu9/S6iqBa3O KWEAn3OiQPcaMHnAsOdlNixn8e9LceJn =dtzR -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
At the risk of sounding rash and impulsive, I'll venture to say that a little bit of education here, could go a long way - I think the ISP folks need it. In my experience ISP's are not intrested of Tor, they just want that no botnet traffic etc. goes through their networks. Trying to educate them is in vain. This is in Finland. They just don't care. One of my friend works at national isp, he warned me in advance that they may cut off my adsl connection if I don't fix Tor (filter out abusive traffic which is impossible or make it middle-man only). They got bunch of abuse reports from Ficora, a Finnish organization that is responsible for the fi-domain and so on. M
Re: Tor relay shutted down by ISP
On Wed, Feb 20, 2008 at 06:58:08PM +0100, Alexander W. Janssen wrote: Tom Hek schrieb: Thanks :) My ISP reconnected me again but I had to promise to never run Tor again. Tomorrow I'm going to call them and try to change their minds. XS4ALL is a ISP who stands for freedom of speech, they are against censorship, etc etc. If they knew what Tor was they wouldn't disconnect me for running Tor.. Yeah, that's what I thought too... I mean XS4ALL has quite a good reputation. It puzzles me that they acted like you described it. That part at least has an easy explanation: like all other large organizations, xs4all is made up of many different people, and most of them are just there to do their job. There are probably a few people at xs4all who really like Tor, a few who really hate it, and the rest are in between depending on all sorts of factors (like whether they've had their coffee yet that day). So rather than saying it puzzles me that xs4all acted like that, it might be better phrased as it puzzles me that one person at xs4all acted like that, and then it becomes less puzzling. --Roger
Re: Tor relay shutted down by ISP
Thanks for keeping us updated. If you ever need money for legal fees, a support campaign, or anything like that: let me know. I can round up a lot of assistance through BinaryFreedom and the Anarchist Black Cross. Comrade Ringo Kamens Armed Division, 35th Parallel On Feb 20, 2008 11:22 AM, Tom Hek [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello fellow Tor relay admins, I run several Tor relays on residential DSL connections. This morning my dad called me, telling me that my ISP had disconnected us from the Internet because of a Trojan running on my systems (I wasn't at home at that moment ;)). They had received a abuse complainant that one of my boxes on this DSL connection was on a botnet. I checked the timestamp of the log they sended to me with the uptime of the computers. Only the computer that was running a Tor node was online. It was pretty obvious that the botnet connections were coming from this box. The box was clean, had no rootkits installed or other malicious software, so it was Tor, relaying a connection for a bot. My ISP didn't knew what Tor was and asked if that Tor logged the connections that were running through it. I told them Tor was an anonymity system so it doesn't keep any logs of the traffic that's going through it. They were confused, they told me that every decent Tor relay keeps a log of the connections running through it. I'm living in The Netherlands, running this Tor node on the ISP XS4ALL. XS4ALL is one of the ISP's with the most knowledge of the internet and the things happening on the internet. I'm pretty shocked that they didn't knew about Tor. I want to alert all the Tor relay admins that are running Tor nodes on a connection from XS4ALL to be prepared to get disconnected, because they think there is a trojan or rootkit running on your system.. XS4ALL restored the DSL line but I had to promise that it wouldn't happen again.. Tom Hek -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAke8U7wACgkQStmJ9+mkUHNdigCdGxiIcOqMjD2jThp03KmlVP8x s0YAnRRECJrxX/XiGIrg/fJpiadsYYKQ =n7vE -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ringo Kamens wrote: Thanks for keeping us updated. If you ever need money for legal fees, a support campaign, or anything like that: let me know. I can round up a lot of assistance through BinaryFreedom and the Anarchist Black Cross. Comrade Ringo Kamens Armed Division, 35th Parallel Thanks :) My ISP reconnected me again but I had to promise to never run Tor again. Tomorrow I'm going to call them and try to change their minds. XS4ALL is a ISP who stands for freedom of speech, they are against censorship, etc etc. If they knew what Tor was they wouldn't disconnect me for running Tor.. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAke8WHwACgkQStmJ9+mkUHPBNACfcDdlu7raLUdmLwS+inFAwl16 lhMAn012nOcQrszGCihI6eVR7vkyX28I =y520 -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jon McLachlan wrote: If you just run a middle node, nothing that bad should come spewing out of your box. I would be curious if you were running an exit node originally, or if it was just a middle node. In the tor-config file, there's some exit policies - if you reject *:*, then you're essentially a middle-node, in which everything is both 1) encrypted and 2) between tor-to-tor traffic (which will almost certainly generate no future complaints) I chose to be an exit node because I wanted to donate my bandwidth to other Tor users. I've been running a middle-node for several years but I think that good end nodes are needed too, so I decided to start running an end node. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAke8X+UACgkQStmJ9+mkUHNJNACdHAvOmlExAcW0cmgdYrmorqaA LcgAn0UhhdlQd/gUcaEzwX0P8p2QO8if =358F -END PGP SIGNATURE-
Re: Tor relay shutted down by ISP
Thanks :) My ISP reconnected me again but I had to promise to never run Tor again. Tomorrow I'm going to call them and try to change their minds. XS4ALL is a ISP who stands for freedom of speech, they are against censorship, etc etc. If they knew what Tor was they wouldn't disconnect me for running Tor.. If you just run a middle node, nothing that bad should come spewing out of your box. I would be curious if you were running an exit node originally, or if it was just a middle node. In the tor-config file, there's some exit policies - if you reject *:*, then you're essentially a middle-node, in which everything is both 1) encrypted and 2) between tor-to-tor traffic (which will almost certainly generate no future complaints) ~Jon
Re: Tor relay shutted down by ISP
Tom Hek schrieb: Thanks :) My ISP reconnected me again but I had to promise to never run Tor again. Tomorrow I'm going to call them and try to change their minds. XS4ALL is a ISP who stands for freedom of speech, they are against censorship, etc etc. If they knew what Tor was they wouldn't disconnect me for running Tor.. Yeah, that's what I thought too... I mean XS4ALL has quite a good reputation. It puzzles me that they acted like you described it. However, good luck and keep us updated. Cheers, Alex. signature.asc Description: OpenPGP digital signature