Differences
This shows you the differences between two versions of the page.
|
hoster:inquiry [2012/07/05 09:57] moritz updated templates |
hoster:inquiry [2012/08/30 18:24] (current) fe80:e413:40ac:0e88:c719:4f17:a867:4430 [RIPE] |
||
|---|---|---|---|
| Line 19: | Line 19: | ||
| I've been referred to you by a happy customer. | I've been referred to you by a happy customer. | ||
| - | We are a registered non-profit from Germany working together with security and cryptographic experts on censorship circumvention. Tor is a research project that offers encrypted and safe tunnels for those affected by Internet censorship or worried about their privacy. You probably already know about Tor. | + | We are a registered non-profit from Germany working together with |
| + | security and cryptographic experts on censorship circumvention. Tor is | ||
| + | a research project that offers encrypted and safe tunnels for those | ||
| + | affected by Internet censorship or worried about their privacy. | ||
| - | Even though we only allow a number of well-known ports to exit from our servers to not facilitate file sharing, Tor can unfortunately lead to a number of (mostly unwarranted) abuse complaints. We have volunteers doing 24/7 abuse handling and have successfully managed over 20 servers in parallel in various jurisdictions. | + | Even though we only allow a number of well-known ports to exit from our |
| + | servers to not facilitate file sharing, Tor can unfortunately lead to a | ||
| + | number of (mostly unwarranted) abuse complaints. We have volunteers | ||
| + | doing 24/7 abuse handling and have successfully managed over 20 servers | ||
| + | in parallel in various jurisdictions. | ||
| - | Are you fine with Tor hosting? I would also be very much interested in a partly sponsored deal. I can put up banners for xxx on Torservers, and we reach a lot of privacy aware people through various channels. | + | Are you fine with Tor hosting? I would also be very much interested in |
| + | a partly sponsored deal. I can put up banners for xxx on Torservers, | ||
| + | and we reach a lot of privacy aware people through various channels. | ||
| - | We would be able to pay for 6 months up front, and need RIPE reassignment and a /24 IP block (see https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE ). | + | We would be able to pay for 6 months up front, and need RIPE |
| + | reassignment of a /29 IP block (see https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE ). | ||
| If you want to chat about it, you can find me on Jabber xxx. | If you want to chat about it, you can find me on Jabber xxx. | ||
| Line 59: | Line 69: | ||
| Jabber/XMPP bla@domain.example or visit our website at https://www.torservers.net/ | Jabber/XMPP bla@domain.example or visit our website at https://www.torservers.net/ | ||
| </file> | </file> | ||
| + | |||
| + | ====== WHOIS Reassignent ====== | ||
| Before you finally order make sure they will really give you proper WHOIS reassignment. Many promise to do so, but then don't want to change admin-c/tech-c/abuse records, which is crucial. Read RIPE/ARIN guidelines. | Before you finally order make sure they will really give you proper WHOIS reassignment. Many promise to do so, but then don't want to change admin-c/tech-c/abuse records, which is crucial. Read RIPE/ARIN guidelines. | ||
| - | ====== ARIN ====== | + | When an ISP in Europe, the Middle East or Rusia assigns IP-addresses to you as a customer, the ISP is supposed to register such an assignment in the RIPE database. When running a Tor exit-node you want to ask your ISP to make a customized registration, denoting the special use for these IP-addresses. |
| + | |||
| + | There are two reasons. First of all you want to make clear right away to anyone investigating traffic from these IP-addresses, that it's traffic you've been relaying only. Second, you want correspondence on abuse issues directed to yourself, instead of your ISP. To change the registration of the assignment, you have to contact your ISP. | ||
| + | |||
| + | ===== ARIN ===== | ||
| * ARIN Reassignment Form: https://www.arin.net/resources/templates/reassign-simple.txt | * ARIN Reassignment Form: https://www.arin.net/resources/templates/reassign-simple.txt | ||
| * (prefilled for Torservers.net: http://www.torservers.net/misc/arin-torservers.txt - ISP only needs to edit Network Section, 20-23) | * (prefilled for Torservers.net: http://www.torservers.net/misc/arin-torservers.txt - ISP only needs to edit Network Section, 20-23) | ||
| - | ====== RIPE ====== | + | ===== RIPE ===== |
| With RIPE, it works even better than with ARIN as most people respect the WHOIS entry there without going directly for the upstream record. In our experience, this happens a lot with ARIN. But - my guess is due to some stricter regulations by RIPE - less ISPs are willing to reassign RIPE IPs. | With RIPE, it works even better than with ARIN as most people respect the WHOIS entry there without going directly for the upstream record. In our experience, this happens a lot with ARIN. But - my guess is due to some stricter regulations by RIPE - less ISPs are willing to reassign RIPE IPs. | ||
| Some reports, like Shadowserver reports, get sent to the AS, so WHOIS does not help against those. With luck you can get your ISP to ignore or auto-forward them to you. | Some reports, like Shadowserver reports, get sent to the AS, so WHOIS does not help against those. With luck you can get your ISP to ignore or auto-forward them to you. | ||
| - | If you don't have ''mtner'' and ''person'' handles for your Tor exits, use the helpful wizard at https://apps.db.ripe.net/startup/ or manually create them at https://apps.db.ripe.net/webupdates/select-type.html . You can update those records any time. | + | First you need to create the so-called PERSON and MNTNER objects in the RIPE-database. The second object is required to secure the first object. You can do this by [[https://apps.db.ripe.net/startup/|filling out a form]] on the website of RIPE, [[http://www.ripe.net/lir-services/training/e-learning/ripe-database/copy_of_ripe-database/create-your-first-person-and-maintainer-object-pair|as explained here]]. Both objects have a number of mandatory fields, like the address and phone fields for the PERSON object. Allthough RIPE does not check the validity of the entries, it's appreciated to enter valid information if possible. |
| + | |||
| + | Then you have to ask your ISP to change the registration of your IP-addresses. It is suggested your ISP adds "remarks" field to the INETNUM object denoting the IP-addresses within that block are used for routing Tor traffic. The other thing you should ask your provider is to set the fields "admin-c" and "abuse-mailbox" fields to your PERSON object. In the end it should state something similar to [[https://apps.db.ripe.net/search/query.html?searchtext=77.247.181.160&searchSubmit=search#resultsAnchor|this example]] or [[https://apps.db.ripe.net/search/query.html?searchtext=94.142.245.231&searchSubmit=search#resultsAnchor|this example]]. If you want to improve the changes of getting this right, prepare the form for your ISP to submit. These changes shouldn't take a lot of time for your ISP. | ||
| - | You need at least one ''mtner'' and one ''person'' handle. Tell your ISP to create an ''inetnum'' record linking those handles (mtner, admin-c, tech-c). You should suggest apprioriate ''desc'', ''remarks'' and ''country'' entries (see examples below). RIPE does not require ''country'' to be the location of your server, nor your own location. Your ISP nevertheless might want either your location or the servers location in there. I am not a fan of confusing GeoIP (and users), but you could specify any country. It is even possible to list more than one country, but be aware that it takes several months for GeoIP services to pick up changes (if they ever do) and that you won't be able to update the ''inetnum'' record yourself later. | + | RIPE does not require ''country'' to be the location of your server, nor your own location. Your ISP nevertheless might want either your location or the servers location in there. I am not a fan of confusing GeoIP (and users), but you could specify any country. It is even possible to list more than one country, but be aware that it might take several months for GeoIP services to pick up changes (if they ever do) and that you won't be able to update the ''inetnum'' record yourself later. |
| ===== example records ===== | ===== example records ===== | ||
