Tag Archives: Banking

ASB Bank and TOR

Sometime in early December I thought I’d have a play with TOR.  I ran it up on micro and played with it for a few days.  I thought I’d “help the TOR world” by running an exit node, seeing as we have more bandwidth allocated to us than we use.

After a few days though I figured hell, I probably wasn’t doing much to help, so I turned it off and forgot about it.

Fast forward to a few weeks later:  Suddenly my wife can’t get to a website she needs to access.  Do some digging, turns out that it works from other IP’s, just not our home IP.  Our home IP is static, so I can’t just reboot and get a new one.  I email the people running the website and to my surprise, they’re very helpful.  They investigate and tell me that due to my IP having been a TOR node, it’s been blacklisted.  Their network gear auto-updates a blacklist every few weeks, so if we’re not longer a TOR node we should be removed.

No worries, I put a bypass in place in our home router, using OpenVPN.  Annoying, but it works.  A couple of weeks later they email me to tell me that it’s all sorted now. I remove the bypass and their site still works. Thanks!

Then ASB FastNet stops working. Both the website and their Mobile App (which accesses MobileAPI.asbbank.co.nz, a different IP than the Browser site.)  Argh!

I can’t get a single communication out of them as to why it doesn’t work, but trying to connection to FastNet classic gives me:
micro:~> curl -vv -I https://fnc.asbbank.co.nz
* About to connect() to fnc.asbbank.co.nz port 443 (#0)
* Trying
* Connection refused
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host

Which is quite annoying.  So I have an OpenVPN bypass in place for it as well.  The problem is my OpenVPN bypass is quite flakey, mostly due to the way I’ve setup OpenVPN.  It doesn’t reconnect properly when the tunnel drops, which it does every now and then on the end of a consumer grade Internet Service.

Can I get hold of anyone at ASB to help me?  Tell me why the IP’s blacklisted?  Nope.  I’ve emailed, prodded.  Very frustrating.  Please, someone at ASB in the Network Team get in contact.  Tell me what I can do to get removed/get this fixed.



Update: ASB use BrightCloud’s IP Reputation service.  Once I filed a request with Brightcloud and they verified we weren’t a TOR exit node anymore, they updated the status of our IP address and we can once again access ASB directly.  Thanks ASB for getting back to me after I made a lot of noise…