
Verizon/UUNET AS701 blocking Tor "directory" server (IPv4 86.59.21.38)



Hi nanog mailing list,

Keep in mind that I am not a practicing network engineer, although I do 
have interest and knowledge on networking topics. I do not work for 
Verizon. I subscribe to Verizon FiOS, but not Verizon Wireless or 
Verizon's enterprise services.

The Tor "directory" server with the IPv4 address 86.59.21.38 has been 
blocked by Verizon's AS701 backbone for a few months now. AS701 provides 
Internet connectivity to Verizon FiOS and Wireless.

The design of Tor is that even though anyone can set up a "relay", there 
are a few central directory servers which clients go to first to get a 
list of relay servers and build a circuit (which is a path of three 
relays to reach a destination). A more descriptive overview of Tor is 
available here: https://www.torproject.org/about/overview.html.en .

While I can still access other Tor directory servers from Verizon FiOS, 
as running Tor as a client or relay does not require every directory 
server be unblocked, blocking one of them could possibly mean breaking 
some part of the Internet for a Verizon customer.

A traceroute to 86.59.21.38 from FiOS shows that I can get through 
verizon-gni.net, which is Verizon's internal FiOS network, but not 
ALTER.NET, which is Verizon's UUNet backbone:

neel at xb2:~ % traceroute 86.59.21.38
traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
   1  unknown (192.168.1.1)  1.128 ms  0.780 ms  0.613 ms
   2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.001 ms  3.632 ms  0.900 ms
   3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  2.291 ms
      B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  3.172 ms  4.046 ms
   4  * * *
   5  * * *
   6  * * *
   7  * * *
   8  * * *
   9  * * *
^C
neel at xb2:~ %

In a normal traceroute, I would see ALTER.NET on hop 5. Also, this 
filtering is not a subnet filtering. A traceroute to 86.59.21.1 works:

neel at xb2:~ % traceroute 86.59.21.1
traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
   1  unknown (192.168.1.1)  0.863 ms  0.757 ms  0.579 ms
   2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.010 ms  1.545 ms  1.034 ms
   3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  3.616 ms
      B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  5.696 ms  10.062 ms
   4  * * *
   5  0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127)  3.492 ms  3.506 ms  2.996 ms
   6  204.255.168.118 (204.255.168.118)  8.462 ms  7.479 ms  7.252 ms
   7  144.232.4.84 (144.232.4.84)  5.041 ms  4.688 ms
      sl-crs3-lon-0-6-3-0.sprintlink.net (144.232.9.165)  71.865 ms
   8  sl-crs2-lon-0-0-3-0.sprintlink.net (213.206.128.181)  72.214 ms  73.579 ms  72.339 ms
   9  213.206.129.142 (213.206.129.142)  81.390 ms
      sl-crs4-ams-0-7-0-3.sprintlink.net (213.206.129.139)  85.854 ms  93.238 ms
  10  217.149.47.46 (217.149.47.46)  79.004 ms  85.669 ms  79.392 ms
  11  ams5-core-1.bundle-ether1.tele2.net (130.244.82.54)  86.507 ms  78.374 ms  77.740 ms
  12  ams-core-2.bundle-ether9.tele2.net (130.244.82.57)  79.642 ms  77.926 ms  81.515 ms
  13  wen3-core-2.bundle-ether15.tele2.net (130.244.71.47)  105.400 ms  105.089 ms  109.751 ms
  14  tele2at-bundle2-vie3.net.uta.at (212.152.189.65)  122.716 ms  110.820 ms  114.354 ms
  15  86.59.21.1 (86.59.21.1)  106.389 ms *  105.379 ms
neel at xb2:~ %

I had posted this finding on Tor's mailing list 
(https://lists.torproject.org/pipermail/tor-relays/2018-May/015218.html). 
I am posting here as (I believe) Verizon NOC people are more likely to 
read NANOG mailing lists than Tor mailing lists, although this post is 
modified from the original because not all network engineers may know 
how Tor works.

From Tor developer Roger Dingledine (at the Tor mailing list), the 
reason why Verizon blocked 86.59.21.38 in the first place is probably 
the WannaCry ransomware, and the VZ NOC didn't realize it was a Tor IP 
address (or how Tor works), and then whoever did this block forgot about 
it and moved on. I can understand that you all may not know how Tor 
works either, so I included an overview link above. It could also be 
possible that it's the NN repeal (but less likely since it is on the 
level of UUNET not FiOS).

I also contacted the operator of 86.59.21.38 as well as Verizon FiOS 
support, and neither was of much help (the former is obvious as he's 
Austrian).

Well, thank you for reading.

Best,

Neel Chauhan

===

https://www.neelc.org/
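
An added example, not part of the original post: a small Python comparison of the two traceroutes above that reports the last hop answering in both traces and the first later hop that is silent only on the path to the blocked address. The function names are illustrative, and the sample text is abridged from the output in the post, with hard line wraps of the kind mail clients introduce.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")   # "  5  host (ip)  3.4 ms"; a wrapped "2.996 ms" line does not match
ROUTER = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_traceroute(text):
    """Map hop number -> {ip: name}; a hop that only printed '* * *' maps to {}."""
    hops, current = {}, None
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            current, line = int(m.group(1)), m.group(2)
            hops[current] = {}
        if current is not None:          # the header line before hop 1 is ignored
            hops[current].update((ip, name) for name, ip in ROUTER.findall(line))
    return hops

def locate_drop(blocked, working):
    """Return (last hop answering in both, first later hop silent only in `blocked`, its routers)."""
    shared = max((h for h in blocked if blocked[h].keys() & working.get(h, {}).keys()), default=0)
    for h in sorted(blocked):
        if h > shared and not blocked[h] and working.get(h):
            return shared, h, working[h]
    return shared, None, {}

# Sample input abridged from the two traceroutes in the post.
BLOCKED = """\
traceroute to 86.59.21.38 (86.59.21.38), 64 hops max, 40 byte packets
   1  unknown (192.168.1.1)  1.128 ms  0.780 ms  0.613 ms
   2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.001 ms
   3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  2.291 ms
      B3401.NYCMNY-LCR-21.verizon-gni.net (100.41.137.94)  3.172 ms
4.046 ms
   4  * * *
   5  * * *
"""
WORKING = """\
traceroute to 86.59.21.1 (86.59.21.1), 64 hops max, 40 byte packets
   1  unknown (192.168.1.1)  0.863 ms  0.757 ms  0.579 ms
   2  lo0-100.NYCMNY-VFTTP-401.verizon-gni.net (173.68.77.1)  1.010 ms
   3  B3401.NYCMNY-LCR-22.verizon-gni.net (100.41.137.96)  3.616 ms
   4  * * *
   5  0.et-5-1-5.BR3.NYC4.ALTER.NET (140.222.2.127)  3.492 ms  3.506 ms
2.996 ms
"""
if __name__ == "__main__":
    print(locate_drop(parse_traceroute(BLOCKED), parse_traceroute(WORKING)))
```

Hop 4 is silent in both traces, so it is not counted as the drop point; only a hop that answers on the working path and stays silent on the other one is reported.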