[tor-relays] Intrusion Prevention System Software - Snort or Suricata

pa011 pa011 at web.de
Tue Oct 4 16:49:27 UTC 2016 


Am 04.10.2016 um 18:24 schrieb krishna e bera:
> What if someone who doesnt like Tor project is deliberately accessing
> honeypots in order to get exit nodes shut down?

That seems kind of easy, because there are some certain spots where you can assume those pots to be and depending on the response of the host of the honeypot more or less pressure on the ISP could arise

> We need to establish some sort of legal or political solidarity to tell
> ISPs to be net neutral with us. 

I still cant judge the pressure and burdens apart from economical on ISP side. In June I asked here those questions which still didn’t find an answer:

- is it just the more work for rather poor money handling(forwarding)
those abuses ?
- to whom else does he have to report what he is doing with the gotten
abuses?
- must he answer to the origin of the abuse?
- who is getting a copy of them(if at all)?
- can he loose his license as a ISP (with to many or badly handled abuses)?
- are there any regulatory burdens for them - if so which ones?
- are ISP's treated different in different parts of the world?

> It is not our problem if someone uses
> the telecom network to read/write data to a vulnerable server - it is
> the vulnerable server's problem to fix. The ISP (and Tor network) are
> only responsible for delivering the packets and handling abuse of
> *network* resources such as DDoS - content is irrelevant.
> 
> Tor publishes exit node ip addresses so that destinations that dont want
> to deal with anonymous traffic can block it.  Did you try these answers:
> https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates

I only shortly began to send a copy of my response not only to the ISP, but also to the sender of the abuse - how do other people here handle this? Obviously the attacked target needs an other explanation as the ISP.

> 
> 
> On 04/10/16 12:01 PM, pa011 wrote:
>> Me too Markus -could fill a folder with that tax issue :-((
>> Costing a lot of time to answer and restrict the IPs
>>
>> Plus my ISP moaning with good reason: "It's not just about you, but you're giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs which are potentionaly endagered to be marked as source of malicious content / blacklisted / whatever ... so you see, this is quite critical for us."
>>
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list