Hacker News new | comments | show | ask | jobs | submit login
Verizon AS701 blocking Tor consensus server tor26 (86.59.21.38) (torproject.org)
169 points by neelc 6 months ago | hide | past | web | favorite | 22 comments



I don't believe Verizon would "discourage" Tor. It would either block it completely, or continue to allow it.

The tiny percentage of Tor users don't concern Verizon. The miniscule loss of advertising revenue isn't as big of an issue as the bad publicity that messing with TOR would get them from media.

VPN users might be a thing they get concerned about, at some point, but I'd expect them to come out with a VPN service if that was the case.

So I expect this will be traced to some kind of incompetence or error, not a deliberate effort.


The reason Cloudflare originally flagged Tor nodes was because 99% of the traffic over them was malicious. Cloudflare cared to make an alternative solution to it, but most presumably would just let a perceived malicious IP remain blocked.


It's probably a bad DOS protection mechanism, that has either the inbound or outbound net set too wide. Not uncommon, though a PITA and hard to distinguish from censorship (and why botnet blocklists should be public)


bad publicity? i can’t see there being any bad publicity.

otherwise i agree with you. probably not intentional.


Hanlon's razor


Grey’s law [1]:

“Any sufficiently advanced incompetence is indistinguishable from malice”

1- https://en.m.wikipedia.org/wiki/Clarke%27s_three_laws


This should be Elsevier's corporate motto.


Pfft. This was almost certainly blocked because someone thought it was a malware C&C.

The indicator lists released by DHS and various snake oil peddlers regularly contain IP addresses like this because they observed malware samples connecting to the IP.

This isn't a new thing and has precisely nothing to do with net neutrality, you could probably get this fixed in a couple of hours with a NANOG post.


> This isn't a new thing and has precisely nothing to do with net neutrality

Wouldn't a net neutrality proponent say that blocking traffic to/from an IP is non-neutral regardless of reason?


I hope most net neutrality proponents would not say that it implies that all providers must allow all traffic through their network, regardless of whether it is malicious or not. If they do believe that then it turns out I’m against net neutrality.


> malicious

Careful, that's a subjective term. Not that I disagree w/ ISPs protecting their own networks, but we often can't have it both ways unless it's more clear what malicious means. Tor traffic can appear malicious as was probably the case here.


Of course it is - unless we’re going by the relevant RFC, in which case we can simply define it as traffic with the evil bit set ;) But net neutrality is, in its essence, a subjective term. At the end of the day, it would be down to the courts as the final arbiters of what is malicious or not, should it come to that.


There are thousands of little blocks installed and removed daily. Often it is an automatic response to suspicious traffic or a notice and is removed before any human really notices. Such things are only a violation of net neutrality if done in bad faith to block specific content. Or if the block persists beyond the need. Your home router is probably blocking some inbound traffic right now without you noticing. That's what firewalls do. Without active blocking of evil or poorly-configured networks the internet would be much less safe/fast/enjoyable than it is.


Maybe?

But I have a very hard time believing anyone would have associated this with NN in 2016.

The current NN proponents were not going after ISPs for stuff like this under the guise of NN pre-repeal. Nobody was upset about the port 25 blocks.

Suddenly all connectivity issues on the internet have become NN issues, despite the fact that NN regulation clearly had zero effect on these issues.


> Nobody was upset about the port 25 blocks.

I am. I want to run a mail server from home. I want to run a web server from home. I have the up speed, but my ISP either makes it hard or puts in their terms that I can't. If nobody minds that SMTP inbound blocked, will they similarly not mind when their other favorite bi-directional communication system stops working because it is blocked? If the ends of the spectrum want to handle reputation management, open relays, spam, etc they can.

Now of course I don't conflate this with the modern view of NN, simply because doing so would dilute its efforts. But, for me ideally, I would like all targets/bytes/ports/packets to be neutral in transit.


This would easily fall into one of the many permitted exceptional cases.


Hmmmm, maybe ask on NANOG or something?

Unfortunately there's apparently no AS701 looking glass.


Yeah, getting a contact via NANOG or Outages is the right venue for this. There are a lot of automated/low-level paths to these kinds of blockages that have nothing to do with elaborate hypothesized malice (of course, once that has been eliminated, then you can start hypothesizing all you like).


Antispam responses are one such automated path.


For what it's worth, I can ping 86.59.21.38 when tethered on my Verizon phone.


Via Tor?


Without return traceroutes from tor26 this guy can't prove his claim at all. No proof that the problem is even within 701.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: