Hi Jesse,
On 07/11/2014 01:23 AM, Jesse Victors wrote:
> can detect an obvious clearnet attack and drop that connection a few
> milliseconds after the attack occurs
I would advise against anything that touches the traffic. There will be false positives, and I know quite a number of researchers that use Tor specifically to test infrastructure against exploits. What if I want to try and attack my own sites? Besides, maybe I'm old school about this, but I find it both unethical and against the law to interfere with user traffic. One might argue that if you take the law literally, for example DMCA 512, any interference makes you lose the "common carrier" status:
* the service provider does not select the recipients of the material
* the material is transmitted through the system or network without modification of its content
http://www.law.cornell.edu/uscode/text/17/512
We are promoting free network access without interference. Yes, we see these kinds of "attacks" from time to time, but they should be handled on the destination side. It's not the network provider's fault that endpoint security is so ridiculous.