[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Mirimir mirimir at riseup.net
Wed Oct 5 19:48:19 UTC 2016


On 10/05/2016 12:58 PM, Green Dream wrote:
> @Mirimir:
> 
> 
>>> IPS aren't perfect - they let some unwanted traffic through, and
>>> block other traffic that is totally ok.
> 
> 
>> That is an issue. But there are many exits, so eventually users should
>> find one that works well enough for their purposes.
> 
> 
> Re-read what you said and think about this from the user's
> perspective. This is a recipe for disaster when it comes to Tor user
> experience. Perhaps it seems suitable to you, as a technical person
> and a relay operator, but just think about this problem for a barely
> technical user, or someone new to Tor. What will actually happen is
> people will try Tor, hit a shitty exit with random performance
> problems from an IPS, log off and never use Tor again.

True. But increased risk of hitting bad exits is arguably better than
having fewer exits.

> Tor needs all the help it can get with regards to usability and
> reliability. It's gotten better over the years but I still get
> circuits that are borderline unusable. Adding a hodgepodge of blocking
> IPS systems into the mix isn't going to help this problem.

Yes, I do too. And I wouldn't be happy if poorly implemented IPS made
exits unpredictably unreliable. On the other hand, IPS that only blocked
automated crap would be a win for real users, relay operators and ISPs,
no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh
baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could
forget their username. But maybe after 10-20 tries, can't we safely
assume that they're brute forcing logins?

> No offense to the ISP here (I do think they are within their rights to
> take this position), but I think relay/exit operators should find ISPs
> that understand Tor and don't demand an IPS.
> 
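An added example, not part of Mirimir's message or of any Tor or IPS project's code: a sliding-window count of new SSH connections per destination, one way an exit-side filter could apply the "10-20 tries" idea from the reply above. The 600-second window, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 20        # upper end of the "10-20 tries" in the message above
WINDOW_SECONDS = 600  # assumed window; the message names no time span

def flag_ssh_bruteforce(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return {dst_ip: timestamp} for each destination whose count of new
    port-22 connections first reaches `threshold` within `window` seconds.

    events: iterable of (timestamp_seconds, dst_ip, dst_port), time-ordered.
    An exit sees only connection attempts, not usernames (SSH is encrypted),
    and cannot tell its users apart, so the count is per destination.
    """
    recent = defaultdict(deque)   # dst_ip -> timestamps inside the window
    flagged = {}
    for ts, dst, port in events:
        if port != 22 or dst in flagged:
            continue
        q = recent[dst]
        q.append(ts)
        while q and ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[dst] = ts
    return flagged

def constructed_events():
    """Constructed sample traffic (documentation-range addresses)."""
    ev = []
    # Automated: 25 connections, 5 s apart, to one host.
    ev += [(1000 + 5 * i, "192.0.2.10", 22) for i in range(25)]
    # Person retrying a few usernames: 4 connections over two minutes.
    ev += [(1000 + 40 * i, "198.51.100.7", 22) for i in range(4)]
    # Slow, spread-out use: 30 connections to one host, 5 minutes apart.
    ev += [(1000 + 300 * i, "203.0.113.5", 22) for i in range(30)]
    # Non-SSH traffic is ignored however frequent it is.
    ev += [(1000 + i, "192.0.2.10", 443) for i in range(50)]
    return sorted(ev)

if __name__ == "__main__":
    for dst, ts in flag_ssh_bruteforce(constructed_events()).items():
        print(f"{dst}: threshold reached at t={ts}")
```

Only the rapid run to one host crosses the threshold; the handful of retries and the spread-out connections stay below it, which is the distinction the reply draws between a forgotten username and automated guessing.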

