[tor-relays] Exits behind a next-gen firewall? Opinions please

Andrew Lewman andrew at torproject.is
Fri Jul 11 13:05:24 UTC 2014

On 07/10/2014 07:23 PM, Jesse Victors wrote:
>  My ISP now tells me that they could reduce
> the reports even further by routing the exits through a
> "next-generation firewall" which apparently can detect an obvious
> clearnet attack and drop that connection a few milliseconds after the
> attack occurs. 

A "next-generation firewall" uses deep packet inspection (DPI) to analyze
content as it crosses the firewall. We don't want to promote DPI, given
Tor is used in many parts of the world to bypass DPI filtering and

