[tor-relays] webiron requesting to block several /24 subnet

This will be my lengthy opinion on Webiron to get everything out of my mind without redactions. > Webiron's system sends notifications to both the abusix.org contact > for the IP and to abuse at base-domain.tld for the reverse-DNS name of > the relay IP. This doesn't seem to be the case for us.

Re: [tor-relays] webiron requesting to block several /24 subnet

FYI Webiron ceased sending these for my relay sometime between 11/24 and today (no reports for 11/25-27). Possibly this is because I never look at or resolve the reports and their system eliminates non-responding addresses to avoid listing by spam honeypots. If you wish to continue receiving

Re: [tor-relays] webiron requesting to block several /24 subnet

Maybe something to add because I ran into a mistake: ExitPolicy is a first match szenario. The reject rules for abuse reports and stuff has to be the first one, afterwards your accept rules and then a reject *:*. For exampe my current policy is: ExitPolicy reject 5.133.182.0/24 # WebIron report

Re: [tor-relays] webiron requesting to block several /24 subnet

My hosting provider also go these requests. Their terms of service requires that I will answer something to acknowledge I got that. I just answer "ok, I'll handle it" and that's it. The reverse lookup of my nodes points to a hostname that shows the Tor text. The host name is

Re: [tor-relays] webiron requesting to block several /24 subnet

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm currently in the middle of a somewhat heated e-mail debate with their vice-president. Pasting the e-mails below would be indelicate, but their position is that the Tor network is responsible for the abuse it generates and should take measures to

Re: [tor-relays] webiron requesting to block several /24 subnet

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm currently in the middle of a somewhat heated e-mail debate with their vice-president. Pasting the e-mails below would be indelicate, but their position is that the Tor network is responsible for the abuse it generates and should take measures to

Re: [tor-relays] webiron requesting to block several /24 subnet

>. . .I have to understand how my ISP reacts to this kind of things. >For the moment I will keep a low profile and I will block the >mentioned IP range for a month. Webiron's system sends notifications to both the abusix.org contact for the IP and to ab...@base-domain.tld for the reverse-DNS

Re: [tor-relays] webiron requesting to block several /24 subnet

Hi Christian, sorry, I marked that message as "Todo" but forgot :-) My replay to my provider is: - Hello Martin, I've blocked the whole /24 (originally the target IP range is inside a /16 but this would be too much) to prevent further

Re: [tor-relays] webiron requesting to block several /24 subnet

2015-11-16 12:46 GMT+01:00 Josef 'veloc1ty' Stautner : > sorry, I marked that message as "Todo" but forgot :-) Thank you. This is very helpful!. > - > Hello Martin, > > I've blocked the whole /24 (originally the target IP

Re: [tor-relays] webiron requesting to block several /24 subnet

> On 16 Nov 2015, at 22:58, Cristian Consonni wrote: > > Ok, so you did block a range for a limited period. I will need to > learn how to do that. Try: ExitPolicy reject4 1.2.3.4/24:* There's an extensive description of ExitPolicy in the tor man page. Tim Tim

Re: [tor-relays] webiron requesting to block several /24 subnet

2015-11-17 0:36 GMT+01:00 Dhalgren Tor : > Webiron's system sends notifications to both the abusix.org contact > for the IP and to ab...@base-domain.tld for the reverse-DNS name of > the relay IP. So if you can configure abuse@ for the relay domain to > forward to you, you

Re: [tor-relays] webiron requesting to block several /24 subnet

Hi, 2015-10-21 22:23 GMT+02:00 teor : > Would you mind putting the statement on the wiki or posting it to this list? > > It might help other exit operators to respond to these kind of abuse reports. +1. Can somebody point me to this? I have just received a notification from

Re: [tor-relays] webiron requesting to block several /24 subnet

++ 17/11/15 02:08 +0100 - Cristian Consonni: >2015-11-17 0:36 GMT+01:00 Dhalgren Tor : >> Webiron's system sends notifications to both the abusix.org contact >> for the IP and to ab...@base-domain.tld for the reverse-DNS name of >> the relay IP. So if you can configure

Re: [tor-relays] webiron requesting to block several /24 subnet

Il 17/Nov/2015 08:27, "Rejo Zenger" ha scritto: > > ++ 17/11/15 02:08 +0100 - Cristian Consonni: > >2015-11-17 0:36 GMT+01:00 Dhalgren Tor : > >> Webiron's system sends notifications to both the abusix.org contact > >> for the IP and to

Re: [tor-relays] webiron requesting to block several /24 subnet

>Some people out there apparently are of the opinion that it is a >reasonable choice to use the ugly crutch that is "fail2ban" instead of >deprecating password based authentication for ssh. You're technically correct (the best kind) but I wanted to point out that Fail2Ban is a really useful

Re: [tor-relays] webiron requesting to block several /24 subnet

> On 21 Oct 2015, at 07:41, Josef Stautner wrote: > > I also ask my hoster for the mail addresses of the abuse reporter and > write a little statement why he got attacked and what tor is and why I > running a relay. Mostly the abuse reports from WebIron reports about >

Re: [tor-relays] webiron requesting to block several /24 subnet

++ 20/10/15 13:57 -0700 - AMuse: >The TOR directory of exit nodes is readily available for ISP's and >website operators to apply in their filters. I don't see why them >putting the onus on tens of thousands of exit operators to exit-block >THEIR addresses is in any way reasonable. I do agree

Re: [tor-relays] webiron requesting to block several /24 subnet

Dear yl, just a few words from the abuse helpdesk of a larger tor-exit-node... TL;DR: we ignore those requests. they don't even reach a human. While we do handle most genuine/honest/helpful and especially all non-automated abuse reports very diligently. Pointless nagging services like webiron

[tor-relays] webiron requesting to block several /24 subnet

Hello, I received an abuse email today from my hoster (several emails from webiron in one email), typical automated abuse emails, not much information. However, they request, if the origin IP is a Tor exit, to block the full /24 subnet. As they also state, they will not provide the full IP of

Re: [tor-relays] webiron requesting to block several /24 subnet

Hello yl, I also got some reports from WebIron. I also made some thoughts about blocking Tor from reaching some parts of the internet and if it's agains the ethics of tor. I think that blocking the destination for two weeks by an reject rule satisfies the "victim" and your hoster thus helps

Re: [tor-relays] webiron requesting to block several /24 subnet

The TOR directory of exit nodes is readily available for ISP's and website operators to apply in their filters. I don't see why them putting the onus on tens of thousands of exit operators to exit-block THEIR addresses is in any way reasonable. On 2015-10-20 12:51, yl wrote: > Hello, > I

Re: [tor-relays] webiron requesting to block several /24 subnet

I agree. I just bin these, or send the standard "abuse" response template, which includes a snippet about using a DNSBL. On 10/20/2015 04:57 PM, AMuse wrote: > > > The TOR directory of exit nodes is readily available for ISP's and > website operators to apply in their filters. I don't see why

[tor-relays] webiron requesting to block several /24 subnet

>snake oil service like webiron A most excellent characterization! As a sales maneuver WebIron has been grandstanding for months saying that Tor operators are "unwilling to cleanup" when they know full-well that tor operators can not / should not filter traffic due to minor brute- force login