
[tor-talk] Limiting number of outbound TCP connection from One Circuit



Hi all,

While discussing on Twitter with the guy from http://cryptic.be about
"How to block outgoing portscans from a Tor Exit Node", the idea arose
that the best way would be to correlate the amount of "outgoing TCP
connections/time" from a specific "Tor Circuit".

So, rather than "Blocking", it would be really nice to be able to apply
certain "Rate Limits" to the number of new outgoing TCP connections that
can be made over an established circuit.

Let's say that the outgoing circuit changes by default once every 10 minutes.

To be able to block a portscan, it may be interesting to have a feature
that would, statically or dynamically with a backoff algorithm, apply an
outgoing connection rate limit to the connections coming from a specific
circuit.

That way it would be possible to identify what is a "normal and typical
connection" and automatically filter out aggressive traffic (a large
number of new TCP connections coming from that circuit).

What does the list think about that kind of idea, both conceptually and
from the possible implementation strategies?

Fabio
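As an added illustration of the mechanism proposed above (this is an example written for this page, not code from the mail's author or from the Tor project), the following Python sketch keeps a token bucket per circuit id for new outbound TCP connections and, when a circuit exhausts its credit, puts it in a penalty box whose length doubles on each repeat offence. The circuit ids, the rate and burst values, the penalty lengths and the two constructed traffic patterns (a browsing-like circuit and a scan-like circuit) are all assumptions chosen for the demonstration.

```python
"""Per-circuit rate limit on new outbound TCP connections, with exponential
backoff.  Hypothetical sketch of the idea in the mail; not Tor code.  All
parameters and traffic patterns below are constructed for illustration."""

from dataclasses import dataclass


@dataclass
class CircuitState:
    tokens: float          # token-bucket credit: one token per new connection
    last: float            # timestamp of the last refill
    backoff: float = 0.0   # current penalty length in seconds (0 = never penalised)
    blocked_until: float = 0.0


class CircuitConnLimiter:
    """Token bucket keyed by circuit id.  A circuit may open `burst`
    connections at once and then `rate` new connections per second; going
    beyond that blocks new connections for a penalty period that doubles
    on every repeat offence, up to `max_penalty`."""

    def __init__(self, rate=2.0, burst=10, base_penalty=10.0, max_penalty=600.0):
        self.rate = rate
        self.burst = float(burst)
        self.base_penalty = base_penalty
        self.max_penalty = max_penalty
        self.circuits = {}

    def allow(self, circuit_id, now):
        """Return True if a new outbound connection on `circuit_id` may be
        opened at time `now` (seconds), False if it should be refused."""
        st = self.circuits.get(circuit_id)
        if st is None:
            st = CircuitState(tokens=self.burst, last=now)
            self.circuits[circuit_id] = st
        # Refill credit in proportion to elapsed time, capped at the burst size.
        st.tokens = min(self.burst, st.tokens + (now - st.last) * self.rate)
        st.last = now
        if now < st.blocked_until:
            return False                      # still in the penalty box
        if st.tokens >= 1.0:
            st.tokens -= 1.0
            return True
        # Out of credit: penalise, doubling the penalty for repeat offenders.
        if st.backoff == 0.0:
            st.backoff = self.base_penalty
        else:
            st.backoff = min(self.max_penalty, st.backoff * 2)
        st.blocked_until = now + st.backoff
        return False

    def close_circuit(self, circuit_id):
        """Forget state when the circuit is torn down; circuits are short-lived,
        so per-circuit state never needs to outlive them."""
        self.circuits.pop(circuit_id, None)


def simulate():
    """Constructed traffic: one ordinary circuit and one that looks like a scan.
    Returns (allowed, denied) counts per circuit and the scanner's penalty."""
    limiter = CircuitConnLimiter(rate=2.0, burst=10)
    counts = {"normal": [0, 0], "scanner": [0, 0]}   # [allowed, denied]

    def record(name, ok):
        counts[name][0 if ok else 1] += 1

    # Normal: a browsing session opening one connection every 3 s for a minute.
    for i in range(20):
        record("normal", limiter.allow("circ-normal", now=3.0 * i))

    # Scanner: 200 connections in 2 s, then another 200 once the first
    # penalty has expired (so the second offence earns a doubled penalty).
    for wave_start in (0.0, 20.0):
        for i in range(200):
            record("scanner", limiter.allow("circ-scan", now=wave_start + i / 100.0))

    return {
        "normal": tuple(counts["normal"]),
        "scanner": tuple(counts["scanner"]),
        "scanner_penalty_s": limiter.circuits["circ-scan"].backoff,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

With these parameters the browsing-like circuit is never throttled, while the scan-like circuit gets its first 10 connections through in each wave and is then refused for 10 s, then 20 s. The point of keying on the circuit rather than the destination is the one the mail makes: the exit cannot see who the client is, but it can see how many new connections one circuit asks for per unit of time.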
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk