What have you been working with? :) When the IPS is working wrong, it's because of the admin ... :)

You probably will invest your time, but the ISP won't. The amount of the problems is multiplying. Tor should evolve, or it will extinct like dinosaurs.

I think that this IPS should be done by community (or at least the setting of some IPS product). It should be completely open and transparent - the code and rules.

---------- Původní zpráva ----------
Od: Ralph Seichter <tor-relays-ml@horus-it.de>
Komu: tor-relays@lists.torproject.org
Datum: 6. 10. 2016 12:34:02
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

On 06.10.16 12:12, oconor@email.cz wrote:

> There is a possibility of parsing log of IPS a do actions with the
> policies.

I don't trust any IPS that I have seen so far to come up with smart
enough exit policies. If I were to use an IPS to dynamically limit
inbound traffic (on a non-Tor server) and the IPS gets things wrong,
only my own server is affected. If an IPS gets outbound Tor policies
wrong, it potentially affects a lot of people.

Manually dealing with complaints is a chore, but I am willing to invest
the necessary time and work to be able to make an informed decision. I
can understand that not every service provider has the manpower (or
willingness) to do the same, but I consider Tor's purpose to be too
important to leave decisions to a piece of software.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays