Opened 4 years ago

Closed 4 years ago

#19064 closed defect (worksforme)

Access denied, by most exits, to a very specific IP range

Reported by: Tu2020 Owned by:
Priority: Medium Milestone:
Component: - Select a component Version:
Severity: Normal Keywords: range IP block
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The IP ranges in and around 162.216.5.226 (although is seems to be generalize around, approximately, 162.216.5.224/28) are blocked from the majority of TOR nodes. I have tried a wide variety of "new TOR circuits", and nearly all of them have such a block in place. This includes http (port 80), https (port 443), DNS (port 53), and other likely ports, (i.e. cPanel).

I have equally tested through a quantity of free proxies (not TOR related), and blocks do not exist to this IP range through any of them.

All indications are that this block by TOR began on, or shortly after 24 April 2015.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by Tu2020

Keywords: range IP block added
Summary: Access denied, by most exits, to a very specfic IP rangeAccess denied, by most exits, to a very specific IP range

comment:2 Changed 4 years ago by teor

Resolution: not a bug
Status: newclosed

It's likely that this IP range has decided to block Tor Exit nodes. If so, there's nothing we can do. (Except ask politely to be unblocked.)

Feel free to look up the owner of the IP range and add them to:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor

comment:3 in reply to:  2 ; Changed 4 years ago by Tu2020

Resolution: not a bug
Status: closedreopened

Replying to teor:

It's likely that this IP range has decided to block Tor Exit nodes. If so, there's nothing we can do. (Except ask politely to be unblocked.)

Feel free to look up the owner of the IP range and add them to:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor

I have triple checked with the Administrator of the IP range, as well as the Hosting company. Neither of those entities have blocked TOR exits. In fact, it would be technically impossible to do so, because of the quantity of addresses. These are the rationale given to me both both the Administrator of the sites in that IP range, as well as the hosting company (Hivelocity).

Of course, I have reviewed https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor , and it is focused entirely about a server side block, which, as I've specified, is not the case here.

The blocking in question is distinctly from within TOR.

comment:4 in reply to:  3 Changed 4 years ago by teor

Replying to Tu2020:

Replying to teor:

It's likely that this IP range has decided to block Tor Exit nodes. If so, there's nothing we can do. (Except ask politely to be unblocked.)

Feel free to look up the owner of the IP range and add them to:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor

I have triple checked with the Administrator of the IP range, as well as the Hosting company. Neither of those entities have blocked TOR exits. In fact, it would be technically impossible to do so, because of the quantity of addresses. These are the rationale given to me both both the Administrator of the sites in that IP range, as well as the hosting company (Hivelocity).

Of course, I have reviewed https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor , and it is focused entirely about a server side block, which, as I've specified, is not the case here.

The blocking in question is distinctly from within TOR.

Each Tor Exit operator makes their own decisions about what ports and IP ranges they will allow.

The top 10 exits on Compass do not block this range in their exit policies:
https://compass.torproject.org/#?exit_filter=fast_exits_only_any_network&links&sort=cw&sort_reverse&country=
So there is no Tor block at the Exit level.
(And Tor has no way to configure blocks at the Tor Network level.)

When I tried to connect to 162.216.5.226 in Tor Browser, I received the typical log entries that happen when an IP range drops packets from Tor Exits:

May 16 06:21:55.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $20B0038D7A2FD73C696922551B8344CB0893D1F8~edwardsnowden1 at 109.163.234.8. Retrying on a new circuit.
May 16 06:22:11.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $7D5CCD1D8D798779979DF7E0A3A2BFA55D2C24B3~torlesnet2 at 199.87.154.251. Retrying on a new circuit.
May 16 06:22:27.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $4B170476D09459328438F3E68ED19516C9F75A80~birnenpfeffimitzimt at 212.21.66.6. Retrying on a new circuit.
May 16 06:22:42.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $379FB450010D17078B3766C2273303C358C3A442~aurora at 176.126.252.12. Retrying on a new circuit.
May 16 06:22:57.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $615ABEA2DE76EB3760BC51E7306BAA59F15CD8F2~Cloud at 5.135.158.101. Retrying on a new circuit.
May 16 06:23:14.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $9D6AE1BD4FDF39721CE908966E79E16F9BFCCF2F~Necto at 93.115.95.201. Retrying on a new circuit.
May 16 06:23:29.000 [notice] We tried for 15 seconds to connect to '[scrubbed]' using exit $69DF3CDA1CDA460C17ECAD9D6F0C117A42384FA0~AccessNow008 at 176.10.99.204. Retrying on a new circuit.
May 16 06:23:29.000 [notice] Tried for 132 seconds to get a connection to [scrubbed]:80. Giving up.

It's possible Hivelocity has a block at the network (/28 or higher) level that targets unwanted traffic, and Tor Exits are included in that block. The administrators you contacted could be unaware of this block, or may not understand the consequences of the traffic filtering that has been configured.

This could well be part of Hivelocity's "DDoS protection" or "Firewall" services:
https://www.hivelocity.net/enhancements/ddos-protection/
https://www.hivelocity.net/enhancements/firewall/

And yes, it is possible to block almost all Tor Exits from accessing an entire network. All it takes is one device at the entry to the network, configured with a list of Tor Exits.

Please feel free to provide logs or packet traces that show where connections to 162.216.5.226 are being blocked - as you can see from the above logs and Compass exit list, there is no blocking between Tor clients and Tor exits, or in Tor exit policies.

comment:5 Changed 4 years ago by gk

Resolution: worksforme
Status: reopenedclosed
Note: See TracTickets for help on using tickets.