Inquiry

Subject: Tor Server Custom Build

Hi,

I am interested in your dedicated Gbit specials for hosting a Tor exit. 
Can you give me a quote for a Dual Xeon E5620 2.4Ghz with 8GB RAM, 
2x500GB RAID1 (or as small as you can get in terms of hard drives, 
does not matter) and ARIN/RIPE IP reassignment for a small subnet 
towards our organization?

Thank you,

Hi xxx

I am interested in your high volume servers for hosting Tor exit nodes.
I've been referred to you by a happy customer.

We are a registered non-profit from Germany working together with 
security and cryptographic experts on censorship circumvention. Tor is 
a research project that offers encrypted and safe tunnels for those 
affected by Internet censorship or worried about their privacy.  

Even though we only allow a number of well-known ports to exit from our 
servers to not facilitate file sharing, Tor can unfortunately lead to a 
number of (mostly unwarranted) abuse complaints. We have volunteers 
doing 24/7 abuse handling and have successfully managed over 20 servers 
in parallel in various jurisdictions.

Are you fine with Tor hosting? I would also be very much interested in 
a partly sponsored deal. I can put up banners for xxx on Torservers, 
and we reach a lot of privacy aware people through various channels.

We would be able to pay for 6 months up front, and need RIPE 
reassignment of a /29 IP block (see https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE ).

If you want to chat about it, you can find me on Jabber xxx.

--
Moritz Bartl
President & Founder

Follow up if positive response:

Thank you for getting back to me so quickly.

About Tor: We are a registered non-profit from Germany working 
together with security and cryptography experts on censorship
circumvention. Tor is a research project funded by the US Government
(and others) that offers encrypted and safe tunnels to those affected by
Internet censorship (China, Iran, Egypt, Burma etc). Among our partners
are Human Rights Organizations and social movements from around the globe.

Even though we only allow a number of well-known ports to exit from our
servers to not facilitate file sharing, Tor can unfortunately lead to a
number of (mostly unwarranted) abuse complaints. The Tor network and
software blocks unprotected ports such as SMTP automatically, so Tor IPs
rarely make it to blacklists.

We have volunteers doing 24/7 abuse handling and have successfully managed 
over 20 servers in parallel in various jurisdictions.

If you like to know more about the project, feel free to contact me on
Jabber/XMPP bla@domain.example or visit our website at https://www.torservers.net/

WHOIS Reassignment

Before you finally order, make sure they will really give you proper WHOIS reassignment. Many promise to do so, but then don't want to change the admin-c/tech-c/abuse records, which is crucial. Read the RIPE/ARIN guidelines.

When an ISP in Europe, the Middle East or Russia assigns IP addresses to you as a customer, the ISP is supposed to register that assignment in the RIPE database. When running a Tor exit node, you want to ask your ISP to make a customized registration denoting the special use of these IP addresses.

There are two reasons. First of all you want to make clear right away to anyone investigating traffic from these IP-addresses, that it's traffic you've been relaying only. Second, you want correspondence on abuse issues directed to yourself, instead of your ISP. To change the registration of the assignment, you have to contact your ISP.

ARIN

RIPE

With RIPE, it works even better than with ARIN as most people respect the WHOIS entry there without going directly for the upstream record. In our experience, this happens a lot with ARIN. But - my guess is due to some stricter regulations by RIPE - fewer ISPs are willing to reassign RIPE IPs. Some reports, like Shadowserver reports, get sent to the AS, so WHOIS does not help against those. With luck you can get your ISP to ignore or auto-forward them to you.

First you need to create the so-called PERSON and MNTNER objects in the RIPE database. The second object is required to secure the first object. You can do this by filling out a form on the website of RIPE, as explained here. Both objects have a number of mandatory fields, like the address and phone fields for the PERSON object. Although RIPE does not check the validity of the entries, it's appreciated to enter valid information if possible.

Then you have to ask your ISP to change the registration of your IP addresses. It is suggested that your ISP add a “remarks” field to the INETNUM object denoting that the IP addresses within that block are used for routing Tor traffic. The other thing you should ask your provider is to set the “admin-c” and “abuse-mailbox” fields to your PERSON object. In the end it should state something similar to this example or this example. If you want to improve the chances of getting this right, prepare the form for your ISP to submit. These changes shouldn't take a lot of time for your ISP.

RIPE does not require country to be the location of your server, nor your own location. Your ISP nevertheless might want either your location or the server's location in there. I am not a fan of confusing GeoIP (and users), but you could specify any country. It is even possible to list more than one country, but be aware that it might take several months for GeoIP services to pick up changes (if they ever do) and that you won't be able to update the inetnum record yourself later.
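Once the ISP reports the reassignment as done, the published inetnum object can be checked against what was asked for. The following is an added example, not part of the original page: it parses one object in RIPE whois layout and lists which of the fields named above (admin-c, tech-c, abuse-mailbox, a Tor remark) are still missing. The sample record, the handles `EX1234-RIPE` and `ISP99-RIPE`, the mail address and both function names are constructed for illustration.

```python
import re

# Constructed sample in RIPE whois (RPSL) layout; the range is a documentation
# prefix and every handle and address is a placeholder.
SAMPLE_INETNUM = """\
% constructed sample, not a real registry record
inetnum:        192.0.2.8 - 192.0.2.15
netname:        EXAMPLE-TOR-EXIT
remarks:        This network is used for Tor exit relays.
                Traffic originating here is relayed, not generated locally.
country:        DE
admin-c:        EX1234-RIPE
tech-c:         ISP99-RIPE
abuse-mailbox:  abuse@operator.example
mnt-by:         ISP-MNT
"""

def parse_rpsl(text):
    """Return {attribute: [values]} for one RPSL object, joining continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "#")):
            continue
        if line[0] in " \t+" and last is not None:
            # Continuation line: belongs to the previous attribute's value.
            attrs[last][-1] += " " + line[1:].strip()
            continue
        m = re.match(r"^([A-Za-z0-9-]+):\s*(.*)$", line)
        if m:
            last = m.group(1).lower()
            attrs.setdefault(last, []).append(m.group(2).strip())
    return attrs

def check_reassignment(text, handle, abuse_email):
    """List what is still missing from the reassignment the page describes."""
    a = parse_rpsl(text)
    problems = []
    for field in ("admin-c", "tech-c"):
        if handle not in a.get(field, []):
            problems.append(f"{field} does not reference {handle}")
    if abuse_email.lower() not in [v.lower() for v in a.get("abuse-mailbox", [])]:
        problems.append(f"abuse-mailbox is not {abuse_email}")
    if not any(re.search(r"\btor\b", v, re.I) for v in a.get("remarks", [])):
        problems.append("no remarks line mentions Tor")
    return problems

if __name__ == "__main__":
    print(check_reassignment(SAMPLE_INETNUM, "EX1234-RIPE", "abuse@operator.example"))
```

In the sample the ISP changed admin-c but left tech-c on its own handle, which is the partial reassignment the section warns about.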

example records

documentation

Additional RIPE Documentation for ISPs (it sometimes helps to pass that on in case they don't know how to do reassignments):

hoster/inquiry.txt · Last modified: 2012/08/30 18:24 by fe80:e413:40ac:0e88:c719:4f17:a867:4430