Re: [tor-relays] Identifying a relay

2022-06-16 Thread Eddie
Unfortunately that option is very specifically disallowed as it's 
considered as trying to hide the source IP.


Cheers.


On 6/16/2022 1:33 AM, Gary C. New via tor-relays wrote:

Eddie,

When experiencing similar issues, the recommended solution I received, 
from this list, and that seems to work best is a VPN for affected traffic.


With dnsmasq, iptables or reverse proxy, and a dedicated split-tunnel 
vpn, I shunt affected traffic over the split-tunnel vpn without 
end-users on my local network even knowing.


Seems to work fairly well.

Best of luck.


Gary
—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)


On Wednesday, June 15, 2022, 11:56:37 PM PDT, Eddie wrote:



Have a question about how a server I connect to can tell I am running a
guard/middle relay.  All I can think of is that they check the published
list of tor nodes against the IP.  Or (maybe, but unlikely) portscan the
IP and probe any open ports to determine the service.  Are there any
other methods that can be used?

Background:  The corp my wife works for blocked our IP.  The excuse they
gave was that it was due to a change made by a vendor they use to
identify malicious IP addresses.  I have been running the relay for
almost 5 years without any previous flagging.  They also state that
running a middle relay is not in violation of any policy, but the vendor
mis-identified our relay as an exit, hence blocking it.

After changing the IP, the new IP was also blocked in less than 24
hours.  My feeling is that the vendor is now just using the full list of
tor nodes and indiscriminately blocking everything, despite what the
corp security folks say.

I'm looking for some sort of validation I can use to counter their claims.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



Re: [tor-relays] Identifying a relay

2022-06-16 Thread Toralf Förster

On 6/15/22 20:17, Eddie wrote:
> I have been running the relay for almost 5 years without any previous
> flagging.


There are block list providers which have Tor exit relay lists and 
sell those lists to their customers.

Maybe they extend their algorithm to all Tor relays.

Anyway, "Do not run a relay at home." might be a solution.

--
Toralf




Re: [tor-relays] Identifying a relay

2022-06-16 Thread lists
On Wednesday, June 15, 2022 8:17:54 PM CEST Eddie wrote:
> Have a question about how a server I connect to can tell I am running a
> guard/middle relay.  All I can think of is that they check the published
> list of tor nodes against the IP.
Unfortunately, many people do this, often because they have no idea about the 
different Tor relays.

> Background:  The corp my wife works for blocked our IP.  The excuse they
> gave was that it was due to a change made by a vendor they use to
> identify malicious IP addresses.  I have been running the relay for
> almost 5 years without any previous flagging.  They also state that
> running a middle relay is not in violation of any policy, but the vendor
> mis-identified our relay as an exit, hence blocking it.
> 
> After changing the IP, the new IP was also blocked in less than 24
> hours.  My feeling is that the vendor is now just using the full list of
> tor nodes and indiscriminately blocking everything, despite what the
> corp security folks say.

Workarounds:
- In Germany, almost every ISP has (www & ftp) proxies for its customers. I 
use it generally, also for IRC, then the proxy IP is displayed.
- In Germany we have '¹Freifunk' in almost every city. Firmware is OpenWrt 
with WireGuard (VPN) and can be flashed on many WLAN APs/routers. I have one 
at home too.

¹Anonymous citizens wifi mesh networks. No registration, no logs.

> 
> I'm looking for some sort of validation I can use to counter their claims.


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!



Re: [tor-relays] Identifying a relay

2022-06-16 Thread Gary C. New via tor-relays
Eddie,

When experiencing similar issues, the recommended solution I received, from 
this list, and that seems to work best is a VPN for affected traffic.

With dnsmasq, iptables or reverse proxy, and a dedicated split-tunnel vpn, I 
shunt affected traffic over the split-tunnel vpn without end-users on my local 
network even knowing.

Seems to work fairly well.

Best of luck.

Gary
—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged) 

On Wednesday, June 15, 2022, 11:56:37 PM PDT, Eddie wrote:

Have a question about how a server I connect to can tell I am running a 
guard/middle relay.  All I can think of is that they check the published 
list of tor nodes against the IP.  Or (maybe, but unlikely) portscan the 
IP and probe any open ports to determine the service.  Are there any 
other methods that can be used?

Background:  The corp my wife works for blocked our IP.  The excuse they 
gave was that it was due to a change made by a vendor they use to 
identify malicious IP addresses.  I have been running the relay for 
almost 5 years without any previous flagging.  They also state that 
running a middle relay is not in violation of any policy, but the vendor 
mis-identified our relay as an exit, hence blocking it.

After changing the IP, the new IP was also blocked in less than 24 
hours.  My feeling is that the vendor is now just using the full list of 
tor nodes and indiscriminately blocking everything, despite what the 
corp security folks say.

I'm looking for some sort of validation I can use to counter their claims.


Re: [tor-relays] Identifying a relay

2022-06-16 Thread Felix
Hi Eddie

> but the vendor mis-identified our relay as an exit, hence 
> blocking it
The vendor or a service provider for its inbound protection might think:
Hey, this relay claims to be a non-exit but why do we receive a
connection from a non-exit? Bottom line: they don't distinguish between
an IP and the relay service. If they put both together the conclusion
makes sense in their wrong (?) perspective. It's a little paranoid I
would say.

> After changing the IP, the new IP was also blocked in less 
> than 24 hours.  My feeling is that the vendor is now just 
> using the full list of tor nodes and indiscriminately 
> blocking everything
Yup, agree

Do you have IPv6 available for your office traffic, while you use IPv4
for the relay? If you route email and browser along IPv6 you could
resolve the issue.

All the best!

-- 
Cheers Felix




[tor-relays] Identifying a relay

2022-06-16 Thread Eddie
Have a question about how a server I connect to can tell I am running a 
guard/middle relay.  All I can think of is that they check the published 
list of tor nodes against the IP.  Or (maybe, but unlikely) portscan the 
IP and probe any open ports to determine the service.  Are there any 
other methods that can be used?


Background:  The corp my wife works for blocked our IP.  The excuse they 
gave was that it was due to a change made by a vendor they use to 
identify malicious IP addresses.  I have been running the relay for 
almost 5 years without any previous flagging.  They also state that 
running a middle relay is not in violation of any policy, but the vendor 
mis-identified our relay as an exit, hence blocking it.


After changing the IP, the new IP was also blocked in less than 24 
hours.  My feeling is that the vendor is now just using the full list of 
tor nodes and indiscriminately blocking everything, despite what the 
corp security folks say.


I'm looking for some sort of validation I can use to counter their claims.
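
The list lookup discussed in this thread, together with the exit/non-exit distinction the replies say block list vendors skip, as an added example that is not part of any message in the thread. The function names are hypothetical and the consensus excerpt is constructed sample data in the "r"/"s"/"p" line layout of a Tor network-status consensus.

```python
import ipaddress

# Constructed sample: nicknames and digests are made up, addresses come
# from the RFC 5737 documentation ranges.
SAMPLE_CONSENSUS = """\
r HomeMiddle AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2022-06-15 10:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
p reject 1-65535
r SomeExit CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2022-06-15 11:00:00 198.51.100.7 443 0
s Exit Fast Running Stable Valid
p accept 80,443
"""

def parse_relays(consensus_text):
    """Map each relay IP to its entries (nickname, flags, exit-policy summary)."""
    relays, current = {}, None
    for line in consensus_text.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            # r nickname identity digest date time IP ORPort DirPort
            fields = rest.split()
            current = None  # a malformed r line also drops its s/p lines
            if len(fields) >= 8:
                current = {"nickname": fields[0], "flags": set(), "policy": ""}
                relays.setdefault(fields[5], []).append(current)
        elif kind == "s" and current is not None:
            current["flags"] = set(rest.split())
        elif kind == "p" and current is not None:
            current["policy"] = rest.strip()
    return relays

def classify(ip, relays):
    """Return 'exit', 'non-exit relay' or 'not a relay' for one address."""
    entries = relays.get(str(ipaddress.ip_address(ip)), [])
    if not entries:
        return "not a relay"
    for entry in entries:
        # Exit flag, or any policy summary other than "reject everything".
        if "Exit" in entry["flags"] or entry["policy"] not in ("", "reject 1-65535"):
            return "exit"
    return "non-exit relay"

def audit_blocklist(blocked_ips, relays):
    """Group a block list's addresses by what the consensus says about them."""
    report = {"exit": [], "non-exit relay": [], "not a relay": []}
    for ip in blocked_ips:
        report[classify(ip, relays)].append(ip)
    return report
```

A block list whose entries land mostly in the "non-exit relay" group is built from the full relay list rather than from exits only.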