Educause Security Discussion mailing list archives

Re: TOR Exit Nodes and US .Edus?


From: John K Lerchey <lerchey () ANDREW CMU EDU>
Date: Tue, 28 Apr 2015 13:28:49 +0000

Hi All,

We - Carnegie Mellon - have had a Tor-exit node for a number of years.  

Some of the issues that we have faced are:

        1) University reputation due to various attacks, scans, etc. sent through the Tor system
        2) Need to modify existing security procedures to "exempt" the server from being taken off of the network for various activities.  The same activities would trigger a network suspension in many cases for any other machine.
        3) Having to explain to law enforcement and other groups/individuals that we really cannot determine who was responsible for <whatever is being reported> when the IP address is part of the university's IP range.
        4) Interesting discussions between research faculty and our general counsel. :)

What we have done (fairly recently) was to move the Tor server onto a completely different sub-net so that it does not use the same IP range as is used for ... less contentious computers on our network.

We also have developed a good working relationship with the research faculty.  We provide reporters of problems with instructions on how to not accept traffic from Tor nodes, but if there is push-back, the faculty block outbound traffic to the requested IP addresses or ranges.

Since we moved the service into a less-obviously-us subnet, we have been receiving far fewer reports of problems.

We don't have a formal policy on Tor Exit Nodes, but we only allow those that are approved for research purposes.

I hope that this helps,

John

John K. Lerchey
Incident Response Coordinator
Information Security Office
Carnegie Mellon University

Give a man a phish, you might get his credentials.
Teach a man to phish, he’ll get someone else’s.

Never provide your credentials in response to an email message.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Merdinger
Sent: Tuesday, April 28, 2015 9:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] TOR Exit Nodes and US .Edus?

Hi List Folks,

Looking at https://torstatus.blutmagie.de it appears a number of US universities and colleges are running TOR exit nodes.

For example:

I am curious as to what challenges, internal and external, there are to providing TOR exit nodes.  Any institution have a formal, written policy?  Any push-back (or support) from legal, professors, administration, campus police?  Anecdotal stories to share of issues, positive or negative?  Abuse complaints?

Cheers,
--scm
