[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Green Dream greendream848 at gmail.com
Thu Oct 6 18:07:40 UTC 2016


@oconor:

> Let me ask you a short question. Have you ever worked with IPS?


Yes. Please see my later email in this thread. I have experience with
Snort, Bro and proprietary IPS/IDS systems from Cisco and Palo Alto. I
also worked at a university's network operations helpdesk, where we
received hundreds of DCMA and abuse requests every week. I'm entirely
aware of the work required. I understand fully you have a job to do,
and I'm not immune to your or other provider concerns. I just don't
think IPS is the right solution for Tor exits.

If we're going to change anything I think it needs to happen within
Tor software. Operators could leverage the existing "Exitpolicy
reject" rules, or Tor could add functionality there if it's missing.
Whatever we do, I think it needs to be uniform and transparent.


More information about the tor-relays mailing list