[tor-relays] Intrusion Prevention System Software - Snort or Suricata

pa011 pa011 at web.de
Tue Oct 4 15:42:08 UTC 2016


On 04.10.2016 at 16:48, krishna e bera wrote:
> On 04/10/16 08:48 AM, pa011 wrote:
>> One of my main ISPs is going mad with the number of abuses he gets from my Exits (currently most on port 80).
>> He asks me to install "Intrusion Prevention System Software" or shut down the servers.
> 
> You can first ask him for a copy of the complaints in order to
> understand what sort of alleged abuses are taking place.  Are the
> complaints about spam or scraping or web server exploits or something else?

I do get a copy of every complaint - they are unfortunately:

- HTTP browser intrusion - /var/log/apache2/other_vhosts_access.log:soldierx.com:80 xxx.xxx.xxx.xxx - - [30/Sep/2016:11:14:34 -0400] "HEAD / HTTP/1.0" 302 192 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"

- invalid VAT number requests

- recorded connection attempt(s) from your hosts to our honeypots

- Issue: Source has attempted the following botnet activity: Semalt Referrer Spam Tor Exit Bot

- botnet drone|Description: Ramnit botnet victim connection to sinkhole details,

- attackers used the method/service: *imap*

> You can change your exit policy to reduce likelihood of complaints:
> https://blog.torproject.org/blog/tips-running-exit-node

I know, but I hardly like to block port 80

>> As far as I understand implementing such a software is not going together with Tor - am I right?
> 
> If your exit nodes tamper with traffic in any way they will be labelled
> as Bad Exit. (Tor tries to be net neutral.)
> https://trac.torproject.org/projects/tor/wiki/doc/badRelays

