Some Canadian government websites block guard relay IP address?

Hi Relay Operators,

I operate a Tor relay that occasionally obtains guard relay status. I have noticed a pattern that around the time my relay becomes a guard relay, certain Canadian government websites will start black holing my connection.

I’m wondering if other relay operators have experienced similar issues?

One website in question is the Canadian weather information website:

Thanks!

I’ve noticed that it is slow to come in and took a long while to finish. Tried it and it exited from PL.

Then I thought: How does a website know where the guard is from? It can tell the traffic is from Tor.

My understanding of Tor is that a site sees traffic from an exit node and has no knowledge of the source IP or the guard or middle node. Do you mean exit node instead of guard?

The IP address has a Tor relay running on it, but I’m not using Tor to connect to these websites. My connection is behind a WireGuard tunnel, and the IP address with the guard relay running is also the egress IP for the WireGuard as well, so that (guard relay) IP address is what the website sees.

As you mentioned, connections to these websites using Tor are slow but do not seem to be outright blocked. If not even exit relay IPs are blocked, then it does not make sense that they would specifically block guard relay IP.

Now I’m speculating along the direction that perhaps these websites never ban any IP address outright, but instead add a bit of delay to the connection for every “suspicious” factor they detect. When there are too many “suspicious” factors (“Tor relay IP”, “guard relay IP”, “MTU < 1500”), the delays add up to a value large enough to cause a TCP timeout.

Along with your speculation factors it could be that the egress IP is on a bad list somewhere because it was used for abuse and gets blocked. Did you check it on some of those lists?

Tried it again before posting this and it acted almost normal. It came in normal and slowed a bit for the map. Exited from DE.
Then I tried it again from my non-Tor browser (cleared cache) and it acted like the Tor connection. Just a bit snappier and that is to be expected.

I just did a check on mxtoolbox, the IP address is on two blacklists, namely “DAN TOR” and “s5h.net”. But it looks like other Tor relay IP addresses are all on these two lists, so I’m assuming your relay’s IP is on these two lists as well?

I also tried direct connection (without WireGuard) from the relay IP address. The website (205.189.10.43) doesn’t respond to TCP SYN or ICMP echo at all.

I should mention that this happens to a few other Canadian government websites as well, and when one of them stops working, all of them do. Happens to all user agents I’ve tried (firefox, chromium, curl, etc.), but doesn’t happen to any other websites I visit.

Are there any other blacklists I should be checking, or are there any other directions I should be looking at?

BTW, I also found an old reddit post complaining about something similar.

https://www.reddit.com/r/TOR/comments/thk2ee/canada_cra_website_blocking_ip_addresses_running/
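
The blacklist check discussed in this thread can also be scripted: DNS-based blacklists are queried by looking up the reversed IP under the list's zone, and only an answer inside 127.0.0.0/8 means "listed". The sketch below is an added example, not code from any participant in the thread; the `*.dnsbl.example` zone names, the 192.0.2.10 address and the canned answers are constructed placeholders, and treating 127.255.255.0/24 as an error range is a convention of some lists, assumed here.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")        # RFC 5782 answer range
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")    # error codes on some lists

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets or IPv6 nibbles + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the OS resolver; [] when nothing resolves.
    Caveat: a timeout or SERVFAIL also ends up as [] here."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Only answers inside 127.0.0.0/8 count as a listing."""
    if not answers:
        return "not listed"
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c not in LISTED_NET for c in codes):
        return "invalid answer"    # e.g. a resolver that rewrites NXDOMAIN
    if any(c in ERROR_NET for c in codes):
        return "query refused"     # the list rejected the query, not a listing
    return "listed"

def check_ip(ip, zones, resolve=system_resolver):
    """Map each DNSBL zone to its verdict for ip."""
    return {z: classify(resolve(dnsbl_query_name(ip, z))) for z in zones}

if __name__ == "__main__":
    # Constructed data: documentation IP, placeholder zones, canned answers.
    canned = {"10.2.0.192.tor.dnsbl.example": ["127.0.0.100"]}
    zones = ["tor.dnsbl.example", "abuse.dnsbl.example"]
    print(check_ip("192.0.2.10", zones, lambda n: canned.get(n, [])))
```

To run it against real lists, pass their actual zone names and leave `resolve` at its default, ideally through a resolver you operate, since some lists refuse queries arriving via large public resolvers.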