[tor-relays] Intrusion Prevention System Software - Snort or Suricata
Mirimir
mirimir at riseup.net
Thu Oct 6 12:29:02 UTC 2016
On 10/06/2016 05:39 AM, Ralph Seichter wrote:
> On 06.10.16 12:57, oconor at email.cz wrote:
>
>> You probably will invest your time, but the ISP won't. The amount of
>> the problems is multiplying. Tor should evolve, or it will extinct
>> like dinosaurs.
>
> I don't think that Tor has a problem. It works as designed. One might
> say that service providers have a problem dealing with Tor, because of
> the effort involved, or that complaining parties have a problem with
> Tor, because they don't understand or care that a Tor exit is not the
> real source of "bad traffic", or that they can block Tor based traffic
> by using the already existing information provided by the Tor project
> (see https://www.torproject.org/docs/faq-abuse.html.en#Bans).
Why does "real source" matter? To the extent that Tor works as designed,
the "real source" is unknown (ideally "unknowable"). What matters for
"complaining parties" is that they're getting crap from some exit relay.
So they complain.
> Pointing fingers is not going to help, and neither is implementing
> automated self-censorship on Tor exits. If somebody wants me to block
> his destination IP on my Tor exit nodes, he'll have to explicitly tell
> me so, and explain why he's not blocking my exit nodes instead.
Well, that's the other problem. Your exit nodes, on average, are not
much better or worse than others. Exit policy matters, I admit, but
exits that don't allow 80, 443, 22 and other mainstream ports are not
very useful. So more and more sites either block Tor exits entirely, or
label activity from them as fraudulent. Just telling complainers to
block Tor exits may resolve your issues, but it creates others.
Arguably, it's the complainers that should be implementing IPS and/or
other measures that block whatever they don't like. Rather than just
blocking Tor exits, or filing abuse reports. But expecting that to
happen is probably unrealistic.
> -Ralph
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
More information about the tor-relays
mailing list