[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Wed Oct 5 20:52:53 UTC 2016

On 10/05/2016 02:39 PM, Andreas Krey wrote:
> On Wed, 05 Oct 2016 13:48:19 +0000, Mirimir wrote:
> ...
>> exits unpredictably unreliable. On the other hand, IPS that only blocked
>> automated crap would be a win for real users, relay operators and ISPs,
>> no? Why should "... ssh foo at w.x.y.z ... ssh bar at w.x.y.z ... ssh
>> baz at w.x.y.z ..." get through, if it destroys exits? Maybe someone could
>> forget their username. But maybe after 10-20 tries, can't we safely
>> assume that they're brute forcing logins?
> 
> No.
> 
>   for i in subdir/*; do ssh host mkdir -p "$i"; done
> 
> with an ssh-agent would look pretty exactly the same to the exit node.

OK, so I left out the "Permission denied, please try again." bits :)

> Andreas
>