On Wednesday 09 March 2011 03:20:03 Fabio Pietrosanti (naif) wrote:
On 3/9/11 3:35 AM, Robert Ransom wrote:
We *really* need to find a technical way to be able to detect and block outgoing portscans from the TOR exit nodes.
How is the ISP detecting the portscan? Does it log failed connections? Does it look for lots of addresses accessed in a small IP address range?
On Wednesday 09 March 2011 04:19:54 Fabio Pietrosanti (naif) wrote:
And in such an extremely finely tuned situation, block or strongly-rate-limit the traffic to the destination?
Rate-limiting the circuit (to one packet every 1 to 5 seconds) is something to try. We could divide the number of failed connections by (number of connection attempts +5), and if that goes above 50%, throttle the circuit.
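The throttling rule proposed in the last message, written out as an added example (not part of the thread and not Tor code). It shows that the "+5" term keeps a circuit unthrottled until at least six connection attempts have failed, and that exactly 50% does not trip the rule. Assumptions: all names are hypothetical, a failed connection is any attempt that did not connect, the ratio is re-evaluated on every packet, and the interval is set to 1 second from the proposed 1 to 5.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define SMOOTHING 5 /* the "+5" in the message; all names here are hypothetical */
#define THROTTLE_INTERVAL_SEC 1 /* the message proposes 1 to 5 seconds */

typedef struct {
    uint32_t attempts; /* outbound connection attempts on this circuit */
    uint32_t failed;   /* attempts that did not connect */
    int64_t next_send; /* earliest time the next packet may leave */
} circ_stats_t;

void circ_record(circ_stats_t *c, bool connected) {
    c->attempts++;
    c->failed += !connected;
}

/* failed / (attempts + 5) > 50%, in integers: 2 * failed > attempts + 5 */
bool circ_should_throttle(const circ_stats_t *c) {
    return 2 * (uint64_t)c->failed > (uint64_t)c->attempts + SMOOTHING;
}

/* Unrestricted until the ratio trips, then one packet per interval. */
bool circ_may_send(circ_stats_t *c, int64_t now) {
    if (!circ_should_throttle(c))
        return true;
    if (now < c->next_send)
        return false;
    c->next_send = now + THROTTLE_INTERVAL_SEC;
    return true;
}

/* Demo helper: n attempts, the first n_failed of which fail. */
circ_stats_t circ_feed(uint32_t n, uint32_t n_failed) {
    circ_stats_t c = {0, 0, 0};
    for (uint32_t i = 0; i < n; i++)
        circ_record(&c, i >= n_failed);
    return c;
}

int main(void) {
    /* Constructed counts: {attempts, failed}. */
    uint32_t cases[][2] = {{5, 5}, {6, 6}, {20, 3}, {15, 10}, {100, 90}};
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        circ_stats_t c = circ_feed(cases[i][0], cases[i][1]);
        printf("%u attempts, %u failed -> %s\n", (unsigned)c.attempts,
               (unsigned)c.failed, circ_should_throttle(&c) ? "throttle" : "ok");
    }
    return 0;
}
```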