[tor-relays] How to protect yourself from network scanning

Nicolas Braud-Santoni nicolas at braud-santoni.eu
Tue Jul 31 19:54:21 UTC 2012


2012/7/31 grarpamp <grarpamp at gmail.com>:
>> I've thought about constructing iptables rules to limit the number of
>> SYN packets for the same host per second or such
>
> Multiple flows to the same host don't really bother routers of any class.
> Old routers choke when looking up many hosts in the routing table.
> So your proposed rules against port-scanning single hosts wouldn't help.
> Unless each SYN to a host is generated from multiple Tor-based
> IP-scanners, in which case your node or Tor would probably be underwater
> from the parallel scans anyways.

Or perhaps their network is perfectly able to take that, but their
staff is unwilling to look beyond « I received a mail on abuse@ » ...

