<div dir="ltr"><div>Suricata allows direct access via the Tor network, Snort's website gave me multiple failed Captchas before I could access anything. I'm going to do some further research before I even think about implementing anything.<br><br></div>How does one detect false positives when running an IPS? Do you just frequently check the alerts and change the rules when necessary?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 6, 2016 at 9:45 AM, Ralph Seichter <span dir="ltr"><<a href="mailto:tor-relays-ml@horus-it.de" target="_blank">tor-relays-ml@horus-it.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 06.10.16 16:24, <a href="mailto:oconor@email.cz">oconor@email.cz</a> wrote:<br>
<br>
> The subject of this thread is: Intrusion Prevention System Software -<br>
> Snort or Suricata<br>
<br>
Fixed that for you. ;-)<br>
<br>
> If the only thing you wanted to say was, that you're against that,<br>
> we're probably done ;)<br>
<br>
Stating that I oppose the idea of IPS as means of automatic censorship<br>
of Tor exit nodes is part of the discussion.<br>
<br>
-Ralph<br>
______________________________<wbr>_________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Finding information, passing it along. ～SuperSluether</div>
</div>