[tor-relays] Intrusion Prevention System Software - Snort or Suricata

oconor at email.cz oconor at email.cz
Wed Oct 5 07:10:03 UTC 2016


We're back to IPS, which can drop the specific malicious traffic. I've been 
speaking with the lawyer few minutes ago. He told me that there is a 
pressure to put all the responsibility for the traffic to the ISPs. Well ...
what are the ISPs most probably going to do ... ? They can ban all tor exit 
nodes, or they will force the owners to clear the traffic.



When you're worried about being accused, why you don't use fake information 
during registration and payments with bitcoins? Then you can also filter the
traffic by IPS ... and everybory will be happy.

"

What should a tor exit op do? Ban the user? exits get the traffic from 
middle nodes and we cant tell (by design) who anyone is. We can block ips 
but that is not really helping with bots who tries to find vulnerabilities 
and scan large blocks.




markus

Sent from my iPad


On 4 Oct 2016, at 23:55, <oconor at email.cz(mailto:oconor at email.cz)> <oconor@
email.cz(mailto:oconor at email.cz)> wrote:


"

If I understand that well ... if tor operator is avare, that his tor node is
used for illegal activity (when their ISP told them about that) and he's not
going to do anything abou that, he wont be guity by complicity?


"On 04.10.16 22:37, oconor at email.cz(mailto:oconor at email.cz) wrote:

> Tor and IPS has both it's own nature and you shouldn't be punished, if
> your intension was just to filter the bad traffic.

And who is to decide what constitutes "bad traffic"? I am not a lawyer,
but in Germany one of the cornerstones of not being held responsible
for traffic passing through a Tor node is § 8 of the Telemediengesetz:
http://www.gesetze-im-internet.de/tmg/__8.html
(http://www.gesetze-im-internet.de/tmg/__8.html) -- sometimes referred to
colloquially as the "provider privilege".

One only is free of responsibility if one neither initiates a transfer,
nor selects the transfer's destination, nor selects or modifies the
transmitted data. That's what "passing through" means.

According to two lawyers I spoke to, exit policies might already be
borderline breaking these rules for exit nodes, but the technical basis
at least guarantees that traffic will never reach an exit node that does
not let it pass. Now think of a firewall that interferes with transfers
once the data has already reached the exit node. Wouldn't you agree that
this means selecting/modifiying the transmitted data?

That's just one national law that I am aware of, I imagine other
countries have similar regulations in place. Any internet service
provider interfering with net neutrality risks lawsuits, because it is
not an ISP's prerogative to decide what traffic is "good" or "bad".

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org(mailto:tor-relays at lists.torproject.org)
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
(https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays)"=
""
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org(mailto:tor-relays at lists.torproject.org)
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
(https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays)

"
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20161005/aa31164d/attachment.html>


More information about the tor-relays mailing list