[tor-relays] Filter Tor Exit Node for blatant attacks on servers

Moritz Bartl moritz at torservers.net
Sun Jun 12 20:31:34 UTC 2016


On 06/12/2016 09:39 PM, Dr Gerard Bulger wrote:
> Not sure eavesdrop is the right word, since ISPs throttle all sorts of
> traffic by inspecting it such as torrent, let alone TOR.

Even that is highly controversial, and several countries have tried to
develop "net neutrality" laws to stop it.

And obviously throttling, or prioritization of certain types of data, is
different.

The other difference is that you can detect torrent traffic by looking
at some level of "meta data", whereas most attacks require you to look
at "content", too.

> could argue that in signing up for an internet connection, deep in the
> ISP’s small print, we consent to that behaviour.  Is it really true that
> consent has to be sought by every router on the way?

The customer has a contract relationship with its access provider. And
access providers have contracts with other transit/peering providers.

Also, most "attack prevention" mechanisms that I know of require more
than just "you run it and it will magically filter bad traffic". Also,
what if I want to portscan my own network over Tor? There's a lot of
legitimate research and analysis I can think of that will trigger simple
filter mechanisms.

Yes, it makes finding ISPs for exits harder, but certainly not
impossible. If everyone on this list who has thought about content
filtering and blocking would instead spend some time researching ISPs
and adding options to the GoodBadISPs wiki, there would be enough to
pick from. It does not take too long to find 50 support email addresses
of hosters, and mass mail them to ask whether they offer WHOIS reassignment.

-- 
Moritz Bartl
https://www.torservers.net/

