[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Roger Dingledine arma at mit.edu
Tue Oct 4 20:04:02 UTC 2016


On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
> Everyone is running a reduced exit policy ... I only allow HTTP +
> HTTPS and I know nobody who allows port 25 .... at the end of the day
> we all shape our exit traffic.

Choosing what to do with your traffic based on headers is fundamentally
different, legally, than choosing what to do with it based on payload.

In the US, it's the difference between the "pen register" category and
the "wiretap" category. I imagine there are similar terms in many other
countries.

In the telephone metaphor (which is what many of these laws are
fundamentally based on), it's the difference between "I won't let you
call Germany" and "when you call Germany, I'll cut the connection if
you start talking about surveillance".

You'll notice that all of the Tor mechanisms for limiting abuse work
on the header level, not the payload level.

--Roger
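To make concrete what "working on the header level" means for a Tor exit, the following is an added example (not code from this thread and not Tor's own implementation) of a small evaluator for the torrc `ExitPolicy` line syntax. It decides accept or reject from nothing but the destination address and port of a stream; the payload is never available to it, which is exactly the distinction Roger draws. The policy lines, the function names (`parse_policy_line`, `exit_decision`), the IPv4-only restriction and the "reject when nothing matches" fallback are my assumptions; real Tor appends its own default policy and also accepts IPv6 patterns.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed reduced exit policy in torrc syntax (hypothetical relay config,
# not quoted from the thread): refuse SMTP, allow web ports, refuse the rest.
# Tor evaluates lines in order and the first matching line wins.
REDUCED_EXIT_POLICY = [
    "reject *:25",
    "accept *:80",
    "accept *:443",
    "reject *:*",
]


@dataclass(frozen=True)
class PolicyLine:
    action: str                     # "accept" or "reject"
    network: ipaddress.IPv4Network  # address pattern; 0.0.0.0/0 stands for "*"
    port_lo: int
    port_hi: int

    def matches(self, addr: str, port: int) -> bool:
        """Header-only check: destination address and port, nothing else."""
        return (ipaddress.IPv4Address(addr) in self.network
                and self.port_lo <= port <= self.port_hi)


def parse_policy_line(line: str) -> PolicyLine:
    """Parse one 'accept|reject ADDR[/MASK]:PORT' pattern (IPv4 only here).

    PORT may be '*', a single port, or a range 'LO-HI'.
    """
    action, _, pattern = line.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in exit policy line: {line!r}")
    addr_part, sep, port_part = pattern.rpartition(":")
    if not sep or not port_part:
        raise ValueError(f"missing port in exit policy line: {line!r}")
    if addr_part == "*":
        network = ipaddress.IPv4Network("0.0.0.0/0")
    else:
        # strict=False lets a host address carry a mask, e.g. 10.1.2.3/8
        network = ipaddress.IPv4Network(addr_part, strict=False)
    if port_part == "*":
        lo, hi = 1, 65535
    elif "-" in port_part:
        lo_s, hi_s = port_part.split("-", 1)
        lo, hi = int(lo_s), int(hi_s)
    else:
        lo = hi = int(port_part)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range in exit policy line: {line!r}")
    return PolicyLine(action, network, lo, hi)


def exit_decision(policy: List[str], addr: str, port: int) -> str:
    """Return 'accept' or 'reject' for a stream to addr:port.

    Only the destination address and port are consulted. A stream that
    matches no line is rejected (my simplification; Tor would consult the
    default policy it appends to every ExitPolicy).
    """
    for raw in policy:
        rule = parse_policy_line(raw)
        if rule.matches(addr, port):
            return rule.action
    return "reject"


if __name__ == "__main__":
    # Constructed destinations from the TEST-NET-3 documentation range.
    for dst, port in [("203.0.113.10", 443), ("203.0.113.10", 25),
                      ("203.0.113.10", 8080)]:
        print(f"{dst}:{port} -> {exit_decision(REDUCED_EXIT_POLICY, dst, port)}")
```

Note that every input to `exit_decision` is something Tor learns from the stream's connection request before a single byte of application data flows; a Snort or Suricata signature, by contrast, cannot fire without reading the payload.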
