«

»

May 22 2012

Print this Post

tor abuse

I have been running at least one tor exit node for about three years now. Over that period I have occasionally had to move provider following one or more abuse reports. Most ISPs like the quiet life, and you can’t really blame them for not wanting the hassle of dealing with complaints from other ISPs about apparent hostile activity originating from their networks. I have been with one provider for a couple of years and, until now, they have been understanding when they have received complaints and I have pointed them to my exit policy and my notice on the tor node itself. However, this week that changed. They have received two more reports of hostile activity, aimed apparently at Brazilian Government servers, in rapid succession. Following discussions with my provider I have now reluctantly agreed to shut down the exit policy completely. In future my tor node will relay only.

This is a shame, but the only real alternative I was faced with was to shut it down completely and/or move yet again. I’m no longer prepared to do that.

For the record, the activity logged by the victims showed that some bozo was using tor (and popped out of my node) to scan servers with sqlmap. It is extremely disappointing to me that the tor network should be adversely affected by that sort of script kiddie activity.

Update on 24/05/12

I emailed the tor-relays list about my experience and rapidly received a half dozen or so “me too” replies. It would seem that someone has been heavily targetting Brazilian governnment web servers through tor.

Permanent link to this article: http://baldric.net/2012/05/22/tor-abuse/