Re: [tor-relays] Middle relay IP blocking

2023-08-03 Thread Gary C. New via tor-relays
As an at-Home, Middle-Relay operator, I experienced similar issues. Initially, 
I attempted to solve the problem by using dnsmasq + nginx to reverse proxy the 
blacklisted sites through a dedicated vpn, which worked... with some issues.
As the issues increased, I decided to secure a new IP Address and pivot to an 
at-Home, Bridge operator, which has been trouble free and much more amenable to 
at-Home operation.
Thanks for running a Tor Relay... or Bridge. 

On Thursday, August 3, 2023, 1:58:08 PM MDT, telekobold wrote:

 Hi,

On 03.08.23 14:22, Logforme wrote:

> My "solution" for now is to use my phone's internet sharing when I have 
> to contact these sites. Since it only is a few sites which I contact 
> rarely this works, but as more and more sites outsource their security 
> to third parties I expect this to be a growing problem. Eventually I 
> might no longer be able to run a relay.

instead of turning down your relay, you could change it to a cloud hoster.

I e.g. would suggest the German provider Hetzner [*] - you have 
20TB/month free traffic for only a few euros. Since the IP address of 
your relay is publicly known anyway, it also doesn't matter as much as 
with a bridge if the relay is running at a cloud provider (e.g. 
regarding the situation in Turkmenistan). The disadvantage is, of 
course, less diversity in the number of networks in which the relays are 
distributed.

Kind regards
telekobold

[*] https://www.hetzner.com/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Middle relay IP blocking

2023-08-03 Thread telekobold

Hi,

On 03.08.23 14:22, Logforme wrote:

> My "solution" for now is to use my phone's internet sharing when I have 
> to contact these sites. Since it only is a few sites which I contact 
> rarely this works, but as more and more sites outsource their security 
> to third parties I expect this to be a growing problem. Eventually I 
> might no longer be able to run a relay.


instead of turning down your relay, you could change it to a cloud hoster.

I e.g. would suggest the German provider Hetzner [*] - you have 
20TB/month free traffic for only a few euros. Since the IP address of 
your relay is publicly known anyway, it also doesn't matter as much as 
with a bridge if the relay is running at a cloud provider (e.g. 
regarding the situation in Turkmenistan). The disadvantage is, of 
course, less diversity in the number of networks in which the relays are 
distributed.


Kind regards
telekobold

[*] https://www.hetzner.com/


Re: [tor-relays] Middle relay IP blocking

2023-08-03 Thread Logforme

On 2023-08-01 23:14, Eldalië via tor-relays wrote:

> My guess is that some widely used black list started including middle relay
> IPs, but I have no proofs.
> Has anyone had similar experiences? Any thoughts on this?


I run a non-exit relay at home and have run into the same issue.
Some Swedish government sites use a third party for handling log ins. A 
few months ago this third party started blocking non-exit relays. I 
tried to contact the government sites and explain the issue (exit vs 
non-exit IP lists etc). None of them said it was their policy to block 
non-exits but naturally pointed at the third party. I tried to contact 
them but got nowhere, maybe they outsource in their turn.


Since sites these days outsource so much it is hopeless to get through 
to anyone able or willing to fix an issue. I gave up after many emails.


My "solution" for now is to use my phone's internet sharing when I have 
to contact these sites. Since it only is a few sites which I contact 
rarely this works, but as more and more sites outsource their security 
to third parties I expect this to be a growing problem. Eventually I 
might no longer be able to run a relay.



Re: [tor-relays] Middle relay IP blocking

2023-08-03 Thread Roman Mamedov
On Tue, 1 Aug 2023 23:14:28 +0200
Eldalië via tor-relays  wrote:

> Hello there!
> I've been running for over 1.5 year a middle relay on an IP address I also use
> to browse, without issues. However it's now some weeks since many websites that
> always refused tor traffic started to also refuse normal traffic from my IP. I
> suppose this is related to the relay, because I don't run any other "suspect"
> service on this IP and when I change it the problem is gone for a few hours.
> My guess is that some widely used black list started including middle relay
> IPs, but I have no proofs.
> Has anyone had similar experiences? Any thoughts on this?

For me this has always been the case, since many years ago. It is surprising
you did not have issues for 1.5 years.

It is probably this list: https://www.dan.me.uk/tornodes
It has explanation text in bold, but nobody reads that.
Or just the Tor relay lists that can be fetched from the Tor project directly.

-- 
With respect,
Roman
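
Added example (not part of the original thread, and not code from the Tor Project or from any blocklist operator): the exit vs. non-exit distinction discussed above, as a site operator would apply it when building a blocklist from relay data. The consensus excerpt is constructed, and the function names `parse_relays`, `classify` and `exit_blocklist` are hypothetical.

```python
import ipaddress

# Constructed excerpt in Tor consensus format ("r" = relay, "s" = flags).
# Nicknames, digests and addresses are made up (documentation IP ranges).
SAMPLE_CONSENSUS = """\
r homeMiddle AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2023-08-03 10:00:00 192.0.2.10 9001 0
s Fast Running Stable V2Dir Valid
r bigExit CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2023-08-03 10:05:00 198.51.100.7 443 0
s Exit Fast Guard Running Stable Valid
r guardOnly EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2023-08-03 10:07:00 203.0.113.5 9001 9030
s Fast Guard Running Stable Valid
"""

def parse_relays(consensus_text):
    """Map each relay IPv4 address to the union of flags seen for it."""
    relays, current_ip = {}, None
    for line in consensus_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 8:
            # The address is third from the end in both the full and the
            # microdescriptor flavour of the "r" line.
            current_ip = str(ipaddress.ip_address(fields[-3]))
            relays.setdefault(current_ip, set())
        elif fields[0] == "s" and current_ip is not None:
            relays[current_ip].update(fields[1:])
    return relays

def classify(ip, relays):
    """Return 'exit', 'non-exit relay' or 'not a relay' for a client IP."""
    flags = relays.get(str(ipaddress.ip_address(ip)))
    if flags is None:
        return "not a relay"
    # The Exit flag is an approximation: a relay with a very narrow exit
    # policy can lack it, so pair this with a published exit-address list.
    return "exit" if "Exit" in flags else "non-exit relay"

def exit_blocklist(relays):
    """Only addresses that can originate Tor user traffic towards a site."""
    return sorted(ip for ip, flags in relays.items() if "Exit" in flags)

if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99"):
        print(ip, "->", classify(ip, relays))
    print("block:", exit_blocklist(relays))
```

A list built from every `r` line would also block the middle and guard addresses, which never carry Tor users' traffic to a destination site.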


[tor-relays] Middle relay IP blocking

2023-08-03 Thread Eldalië via tor-relays
Hello there!
I've been running for over 1.5 year a middle relay on an IP address I also use
to browse, without issues. However it's now some weeks since many websites that
always refused tor traffic started to also refuse normal traffic from my IP. I
suppose this is related to the relay, because I don't run any other "suspect"
service on this IP and when I change it the problem is gone for a few hours.
My guess is that some widely used black list started including middle relay
IPs, but I have no proofs.
Has anyone had similar experiences? Any thoughts on this?
Thanks,

Eldalië


--
Eldalië
My private key is attached. Please, use it and provide me yours!




Re: [tor-relays] Receiving abuse reports for Non-Exit Relay

2023-08-03 Thread Tortue via tor-relays
Hi John,

Would it be possible that another device on your network is responsible for the 
network scanning? If you have an infected PC for instance, your provider would 
not see the difference.

Regards, Paul


--- Original Message ---
On Thursday, 27 July 2023 at 21:54, John Crow via tor-relays wrote:


> Hello,
> 
> It is honestly still puzzling to me considering that the relay wasn’t 
> compromised or misconfigured.
> 
> If you or anyone wants to check out the reports
> https://www.abuseipdb.com/check/23.132.184.31
> 
> On Wed, Jul 26, 2023 at 2:16 PM, mpan - tor-1qnuaylp at mpan.pl 
> wrote:
> 
> > > In the past 24 hrs, I have been receiving complaints from my hosting 
> > > provider that they're receiving hundreds of abuse reports related to port 
> > > scanning. I have no clue why I'm all of the sudden receiving abuse 
> > > reports when this non-exit relay has been online for months without 
> > > issues. In addition, I have other non-exit relays hosted by the same 
> > > provider with no issues and more across other providers.
> > >
> > > I proceeded to reinstall the OS and reconfigure Tor. I was then quickly 
> > > notified by my hosting provider again of more abuse reports all showing 
> > > port 22 as target port.
> > >
> > > I have not changed my torrc at all and it's still setup as a non-exit 
> > > relay. No other applications/services were installed alongside Tor. Tor 
> > > Metrics does not show the relay as Exit either.
> > >
> > > It feels like Tor Exit Traffic is leaking through my non-exit relay?
> > Hello,
> > 
> > To me it seems like bogus or invalid reports. With certainty over 19
> > in 20. The picture simply does not fit port scanning.
> > 
> > 1. Not only middle relays, but exit nodes can only perform complete
> > TCP connections. Port scanning usually involves a SYN or UDP scan, which
> > is technically not possible to be done using any Tor node.
> > 
> > 2. Even if we assume somebody is hurting oneself by performing a
> > full-connection TCP scan, you mention only one port is being reported. A
> > port scan involves many ports. And this is not merely pedanticism
> > regarding naming. The detection of a port scan relies on this. In other
> > words: there is no way to classify traffic as a port scan, if only one
> > port is affected.
> > 
> > Since only port 22 is affected and 22 is not a common port for Tor
> > relays, you may simply block egress traffic to this port altogether. The
> > same as IP address ranges for which reports come. If the reports
> > continue coming, you can be almost sure they are false. The little
> > uncertainty remains for some attacker having root (or above-root)
> > access to your machine, but this is not coming from your Tor relay.
> > 
> > Before blocking IP address ranges, check if they are not relays. I do
> > not want to make positive statements about one trying to affect Tor
> > network, but such a possibility should also not be excluded without
> > checking.
> > 
> > Cheers