[tor-relays] Intrusion Prevention System Software - Snort or Suricata

[pa011]

Am 04.10.2016 um 18:46 schrieb Moritz Bartl:

> Still, this will not help in this (and related) cases: I have not yet
> seen proven cases where the reputation of the netblock was endangered,
> but if an ISP is afraid of that, there's no good way to cooperate. An
> IDS is their obvious suggestion, which just shows that they don't
> understand how Tor works. 

That is obviously true and kind of shame for a huge ISP, but you cant tell them frankly without putting your one year contract at risk and loosing further room for negotiation over a few thousands mile distance :-(

>I argue strongly against deploying such
> systems on Tor exits. It will mess up more than it does good, and it
> won't be able to reliably detect *and block* bad behaviour.
>