[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Tristan supersluether at gmail.com
Sun Oct 9 00:01:56 UTC 2016


True, but slowing them down could still be useful.

At any rate, Suricata is a no-go for low-end relays that only have 500MB of
RAM. It just hammers the pagefile.

On Sat, Oct 8, 2016 at 7:00 PM, Markus Koch <niftybunny at googlemail.com>
wrote:

> Would not help. These are bots, you can slow them down but this will
> not stop them at all.
>
> Markus
>
>
> 2016-10-09 1:57 GMT+02:00 teor <teor2345 at gmail.com>:
> >
> >> On 7 Oct 2016, at 05:07, Green Dream <greendream848 at gmail.com> wrote:
> >>
> >> If we're going to change anything I think it needs to happen within
> >> Tor software. Operators could leverage the existing "Exitpolicy
> >> reject" rules, or Tor could add functionality there if it's missing.
> >> Whatever we do, I think it needs to be uniform and transparent.
> >
> > I had a conversation with someone at the recent tor meeting about
> > rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
> > popular sites, for example), but I wonder if there are rate-limiting
> > settings that would eliminate the majority of abuse reports based on
> > default fail2ban and similar reporting system settings.
> >
> > For example, I wonder if the complaints I receive about SSH could be
> > eliminated by slowing down repeated SSH connections to the same host
> > by a second or so.
> >
> > Clearly more research is needed to work out if this is even feasible,
> > and, if it is, what rate limits should apply to what ports.
> >
> > T
> >
> > --
> > Tim Wilson-Brown (teor)
> >
> > teor2345 at gmail dot com
> > PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> > ricochet:ekmygaiu4rzgsk6n
> > xmpp: teor at torproject dot org
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >



-- 
Finding information, passing it along. ~SuperSluether