A while ago I had a lengthy dicussion with my ISP about this. They wanted me to run Snort on my exit to shut off variuos types of traffic coming from it. In the end I agreed only to allow encrypted protocols to exit, which placated them (and a subsequent bandwith limitation booted me out of the exit pool in any case).
But along the way I asked some others about the legal implications of doing what the ISP had asked. The rough consensus was that in the UK at least, I would only be able to evesdrop on traffic once consent had been given by those being monitored. Otherwise I'd be illegally wiretapping and open to prosecution. But it was far from clear what would happen if somebody took me a court!
On 12 June 2016 at 16:12, Dr Gerard Bulger gerard@bulger.co.uk wrote:
It is heresy to suggest that Exit relays do anything of a sort, that is attempt to reject obvious attackers on an IP? Tor is neutral. Once TOR exits attempts any filtering where would it stop? It is a slippery slope. I think not, as to extend to other areas would far too complex and have diminishing returns. DMCA complaints for example was waste of time, and not all counties have copyright laws.
I know that everyone on the internet should secure their servers, and take their own measures to block attacks, but too often those corporate measures include an automated abuse complaint being sent out. No explaining to ISP on what it means helps, as many of their staff are just too dumb and have to play safe.
It is more than embarrassing to run an exit node and get abuse complaints about persistent and repeated attacks on an IP. The intent is clearly criminal. VPS providers in the UK are increasing intolerant in receiving such complaints. The whole VPS can be closed down by the ISP/VPS provider not forcing a closure of the TOR exit. Fewer ISPs will allow you to install an exit node at all.
I am only wondering about blocking the obvious attacks or mass attacks to block. Is anyone developing such tools? Is it even possible? Those of us who would wish to enact such software, if it could be made, would have a flag on Tor Atlas stating that there is such a filter in place.
Gerry
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays