Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#15501 closed task (invalid)

Routing to a small number of, most probably 'malicious,' servers - how to block?

Reported by: cypherpunks Owned by:
Priority: Very High Milestone:
Component: - Select a component Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I am a professor and environmental activist with ongoing security issues with my communication devices. It appears that my TOR Browser is being routed to the same IPs over and over again. And, these IPs are included in a list of spamming/hijacking IPs that was posted on the Internet. I'd say that my computer regularly connects to about 2/3 of the addresses on this list of smamming hijackers. My range of server nodes that my computer uses to connect to the TOR network seems to be quite small. The following list should also include some server called 'dreamatorium' and another called 'badexample.' - - [30/Apr/2012:03:28:55 +0200] - - [30/Apr/2012:03:29:01 +0200] - - [30/Apr/2012:03:29:05 +0200] - - [30/Apr/2012:03:29:09 +0200] - - [30/Apr/2012:03:29:13 +0200] - - [30/Apr/2012:03:29:16 +0200] - - [30/Apr/2012:03:29:18 +0200] - - [30/Apr/2012:03:29:19 +0200] - - [30/Apr/2012:03:29:37 +0200] - - [30/Apr/2012:03:29:38 +0200] - - [30/Apr/2012:03:29:40 +0200] - - [30/Apr/2012:03:29:40 +0200] - - [30/Apr/2012:03:29:41 +0200] - - [30/Apr/2012:03:29:47 +0200] - - [30/Apr/2012:03:29:48 +0200] - - [30/Apr/2012:03:29:50 +0200] - - [30/Apr/2012:03:29:51 +0200]

My university email browser posts the address for the server from which I connect to the university server to access my email. This is the reason I know which servers I am connecting to. How do I stop the browser from going through particular servers or allowing malicious IPS to connect? I am sure that I am not explaining this clearly, but I hope that you can decipher the problem. I am not a computer person, but I have a PhD and when looking at all of this, it appears that my connection is being routed to particular servers!!!

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by cypherpunks

I received this email from the TOR Helpdesk:

Date: Sat, 28 Mar 2015 22:04:59 +0000 [06:04:59 PM EDT]

From: Most support requests will end up in this queue via RT <help@…>

To: nicole.oretsky@…
Reply-To: help@…
Subject: [ #41967] Help Please
Headers: Show All Headers


You have successfully reached the Tor help desk. Someone from our team
will try to get back to you as soon as possible.

Please keep in mind that the Tor Project, Inc. keep records of all
help desk interactions through email for at least six (6) years.

Thanks for your patience while waiting for replies.

Tor Project's support team

comment:2 Changed 4 years ago by yawning

Resolution: invalid
Status: newclosed

Trac is not an appropriate place for technical support questions. The help desk e-mail address is the appropriate place for such things. But ok. I'll provide a brief answer before I close this.

The list of IP addresses you posted obtained from your university's e-mail server is the IP address of the exit(s) your Tor instance has been using to get to the internet. So the answer your original question "How do I stop the browser from going through particular servers or allowing malicious IPS to connect?" would be one of:

  1. Teach people not to do bad things with a public resource, so that IP addresses of Tor Exit nodes do not appear in lists of evil IPs.
  2. Use the ExcludeExitNodes configuration option to selectively remove IP addresses contained in all the various lists of "IP addresses someone at some point did something evil from", which will remove every single Exit node rendering your Tor instance useless.
  3. Stop using Tor entirely.

comment:3 Changed 4 years ago by cypherpunks

Resolution: invalid
Status: closedreopened

comment:4 Changed 4 years ago by cypherpunks

This issue should not be dismissed so quickly, and by the way, rudely. My computer is only connecting to a small number of nodes. This means that it is not connecting to the larger TOR network or to 'random' nodes. This is not about individual people behaving badly while using particular nodes. Your answer is self-defeating and blind if you are, at all, concerned with the integrity of the TOR system for users. Why is my computer only reaching a few nodes and ones that appear to have a long malicious history at that?

I just found this article. Maybe this is the answer?

comment:5 Changed 4 years ago by nickm

Resolution: invalid
Status: reopenedclosed

Tor exit nodes regularly appear on lists of "malicious" IPs because jerks sometimes use them to do abusive stuff. It's got nothing to do with whether those nodes are trustworthy themselves. You're also getting a smaller range than the whole range of exits of the Tor network because you're connecting to an email server (probably via POP, SMTP, or IMAP), and most exits don't support email.

comment:6 Changed 4 years ago by arma

Is it possible that this user is referring to entry nodes? That is, the user doesn't know about Guard nodes and is thus concerned?

If so,
might be useful.

But in any case, yes, trac is not intended for user support questions. That's what
is for.

Note: See TracTickets for help on using tickets.