[tor-relays] Exits behind a next-gen firewall? Opinions please

Moritz Bartl moritz at torservers.net
Fri Jul 11 00:34:17 UTC 2014


Hi Jesse,

On 07/11/2014 01:23 AM, Jesse Victors wrote:
> can detect an obvious
>     clearnet attack and drop that connection a few milliseconds after
>     the attack occurs

I would advise against anything that touches the traffic. There will be
false positives, and I know quite a number of researchers that use Tor
specifically to test infrastructure against exploits. What if I want to
try and attack my own sites? Besides, maybe I'm old school about this,
but I find it both unethical and against the law to interfere with user
traffic. One might argue that if you take the law literally, for example
DMCA 512, any interference makes you lose the "common carrier" status:

 * the service provider does not select the recipients of the material
 * the material is transmitted through the system or network without
modification of its content

http://www.law.cornell.edu/uscode/text/17/512

We are promoting free network access without interference. Yes, we see
these kinds of "attacks" from time to time, but they should be handled
on the destination side. It's not the network provider's fault that
endpoint security is so ridiculous.

-- 
Moritz Bartl
https://www.torservers.net/

