[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Ralph Seichter tor-relays-ml at horus-it.de
Thu Oct 6 13:23:38 UTC 2016


On 06.10.16 14:29, Mirimir wrote:

> What matters for "complaining parties" is that they're getting crap
> from some exit relay. So they complain.

Sure, and I don't have a problem with that. If I get complaints, I tell
the CP about Tor, and point them to the relevant information. All good
until that point.

> Just telling complainers to block Tor exits may resolve your issues,
> but it creates others.

It is a question of perspective. I don't have issues with a percentage
of "bad traffic" passing through my exits. I have come to accept this as
a unfortunate but necessary downside of how Tor works. The majority is
"good traffic", and that's why I -- like others -- support Tor in the
first place. I would not dream of removing ports 80 or 443 from my exit
policies just because some malicious clients are trying to break into
WordPress installations.

> Arguably, it's the complainers that should be implementing IPS and/or
> other measures that block whatever they don't like.

Quite so. If somebody places a server on the Internet, he accepts public
access. That includes the necessity to deal with "bad traffic" in one
way or other. Complaining to a Tor exit operator with "you are doing a
bad thing" is factually incorrect. I willingly help CPs if they show an
interest, because that is polite and helps the Tor project. However,
under national law, I do not have an obligation to block traffic until a
court tells me to. Obviously I have no interest in lawsuits and prefer
talking to people to find a solution. I just don't jump because some CP
says "hop". ;-)

-Ralph


More information about the tor-relays mailing list