I think it is relevant.
There are two sides to creating a connection and traffic can be filtered on both ends. On the initiator: any invalid outgoing packets can be filtered On the receiver: any not expected / invalid packets can be filtered
Just a question: how can the hoster determine whether a packet is part of a port scan or valid connection request? Unless the packet is mangled/invalid (ex: out of sequence like fin / syn scan) it can't as it is unaware what services are running at the other end. Effectively what the hoster is also doing, is imposing a rate limit on rate and number of connections.
On Tue, 5 Dec 2017 at 19:51 Ralph Seichter m16+tor@monksofcool.net wrote:
On 05.12.17 19:24, r1610091651 wrote:
Having servers on-line and complaining about such things is just unreasonable and laziness on the operator side: don't want scans, then setup proper firewall rules. Done.
Your comment is not applicable in this particular case; please read my other messages in this thread to see why.
-Ralph _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays