[tor-relays] Filter Tor Exit Node for blatant attacks on servers

Jonathan Baker-Bates jonathan at bakerbates.com
Sun Jun 12 16:42:06 UTC 2016


A while ago I had a lengthy discussion with my ISP about this. They wanted
me to run Snort on my exit to shut off various types of traffic coming from
it. In the end I agreed only to allow encrypted protocols to exit, which
placated them (and a subsequent bandwidth limitation booted me out of the
exit pool in any case).

But along the way I asked some others about the legal implications of doing
what the ISP had asked. The rough consensus was that in the UK at least, I
would only be able to eavesdrop on traffic once consent had been given by
those being monitored. Otherwise I'd be illegally wiretapping and open to
prosecution. But it was far from clear what would happen if somebody took
me to court!





On 12 June 2016 at 16:12, Dr Gerard Bulger <gerard at bulger.co.uk> wrote:

> It is heresy to suggest that Exit relays do anything of a sort, that is
> attempt to reject obvious attackers on an IP?  Tor is neutral. Once TOR
> exits attempt any filtering where would it stop?   It is a slippery slope.
> I think not, as to extend to other areas would be far too complex and have
> diminishing returns.  DMCA complaints for example were a waste of time, and
> not all countries have copyright laws.
>
> I know that everyone on the internet should secure their servers, and take
> their own measures to block attacks, but too often those corporate measures
> include an automated abuse complaint being sent out.  No explaining to ISP
> on what it means helps, as many of their staff are just too dumb and have
> to play safe.
>
> It is more than embarrassing to run an exit node and get abuse complaints
> about persistent and repeated attacks on an IP. The intent is clearly
> criminal.  VPS providers in the UK are increasingly intolerant in receiving
> such complaints.  The whole VPS can be closed down by the ISP/VPS provider
> not forcing a closure of the TOR exit.  Fewer ISPs will allow you to
> install an exit node at all.
>
> I am only wondering about blocking the obvious attacks or mass attacks to
> block.   Is anyone developing such tools?  Is it even possible?  Those of
> us who would wish to enact such software, if it could be made, would have a
> flag on Tor Atlas stating that there is such a filter in place.
>
> Gerry