[tor-relays] Intrusion Prevention System Software - Snort or Suricata

teor teor2345 at gmail.com
Sun Oct 9 00:03:14 UTC 2016


> On 9 Oct 2016, at 11:00, Markus Koch <niftybunny at googlemail.com> wrote:
> 
> Would not help. These are bots, you can slow them down but this will
> not stop them at all.

Ah, but the point isn't to stop the bots, it's to stop the abuse
complaints by coming in under the abuse report automated thresholds.

In my experience, the abuse complaints are auto-generated, and no-one
replies to my offer to block the site. So why not eliminate the
complaints? Then everyone will be happy. Except the bot-herders.

Tim

> 
> Markus
> 
> 
> 2016-10-09 1:57 GMT+02:00 teor <teor2345 at gmail.com>:
>> 
>>> On 7 Oct 2016, at 05:07, Green Dream <greendream848 at gmail.com> wrote:
>>> 
>>> If we're going to change anything I think it needs to happen within
>>> Tor software. Operators could leverage the existing "Exitpolicy
>>> reject" rules, or Tor could add functionality there if it's missing.
>>> Whatever we do, I think it needs to be uniform and transparent.
>> 
>> I had a conversation with someone at the recent tor meeting about
>> rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
>> popular sites, for example), but I wonder if there are rate-limiting
>> settings that would eliminate the majority of abuse reports based on
>> default fail2ban and similar reporting system settings.
>> 
>> For example, I wonder if the complaints I receive about SSH could be
>> eliminated by slowing down repeated SSH connections to the same host
>> by a second or so.
>> 
>> Clearly more research is needed to work out if this is even feasible,
>> and, if it is, what rate limits should apply to what ports.
>> 
>> T
>> 
>> --
>> Tim Wilson-Brown (teor)
>> 
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org