What have you been working with? :) When the IPS is working wrong, it's because of the admin ... :) You probably will invest your time, but the ISP won't. The amount of the problems is multiplying. Tor should evolve, or it will extinct like dinosaurs. I think that this IPS should be done by community (or at least the setting of some IPS product). It should be completely open and transparent - the code and rules. ---------- Původní zpráva ---------- Od: Ralph Seichter <tor-relays-ml@horus-it.de> Komu: tor-relays@lists.torproject.org Datum: 6. 10. 2016 12:34:02 Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata "On 06.10.16 12:12, oconor@email.cz wrote:
There is a possibility of parsing log of IPS a do actions with the
policies.
I don't trust any IPS that I have seen so far to come up with smart enough exit policies. If I were to use an IPS to dynamically limit inbound traffic (on a non-Tor server) and the IPS gets things wrong, only my own server is affected. If an IPS gets outbound Tor policies wrong, it potentially affects a lot of people. Manually dealing with complaints is a chore, but I am willing to invest the necessary time and work to be able to make an informed decision. I can understand that not every service provider has the manpower (or willingness) to do the same, but I consider Tor's purpose to be too important to leave decisions to a piece of software. -Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"