[tor-relays] Intrusion Prevention System Software - Snort or Suricata
oconor at email.cz
oconor at email.cz
Thu Oct 6 10:57:55 UTC 2016
What have you been working with? :) When the IPS is working wrong, it's
because of the admin ... :)
You probably will invest your time, but the ISP won't. The amount of the
problems is multiplying. Tor should evolve, or it will extinct like
dinosaurs.
I think that this IPS should be done by community (or at least the setting
of some IPS product). It should be completely open and transparent - the
code and rules.
---------- Původní zpráva ----------
Od: Ralph Seichter <tor-relays-ml at horus-it.de>
Komu: tor-relays at lists.torproject.org
Datum: 6. 10. 2016 12:34:02
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata
"On 06.10.16 12:12, oconor at email.cz wrote:
> There is a possibility of parsing log of IPS a do actions with the
> policies.
I don't trust any IPS that I have seen so far to come up with smart
enough exit policies. If I were to use an IPS to dynamically limit
inbound traffic (on a non-Tor server) and the IPS gets things wrong,
only my own server is affected. If an IPS gets outbound Tor policies
wrong, it potentially affects a lot of people.
Manually dealing with complaints is a chore, but I am willing to invest
the necessary time and work to be able to make an informed decision. I
can understand that not every service provider has the manpower (or
willingness) to do the same, but I consider Tor's purpose to be too
important to leave decisions to a piece of software.
-Ralph
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20161006/9fee0db2/attachment.html>
More information about the tor-relays
mailing list