Re: [tor-relays] Exits behind a next-gen firewall? Opinions please

On 07/10/2014 07:23 PM, Jesse Victors wrote:

My ISP now tells me that they could reduce the reports even further by routing the exits through a "next-generation firewall" which apparently can detect an obvious clearnet attack and drop that connection a few milliseconds after the attack occurs.

A "next-generation firewall" uses deep packet inspection(DPI) to analyze content as it crosses the firewall. We don't want to promote DPI, given Tor is used in many parts of the world to bypass DPI filtering and censorship.