[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata




Am 04.10.2016 um 18:46 schrieb Moritz Bartl:

> Still, this will not help in this (and related) cases: I have not yet
> seen proven cases where the reputation of the netblock was endangered,
> but if an ISP is afraid of that, there's no good way to cooperate. An
> IDS is their obvious suggestion, which just shows that they don't
> understand how Tor works. 

That is obviously true and kind of shame for a huge ISP, but you cant tell them frankly without putting your one year contract at risk and loosing further room for negotiation over a few thousands mile distance :-(

>I argue strongly against deploying such
> systems on Tor exits. It will mess up more than it does good, and it
> won't be able to reliably detect *and block* bad behaviour.
> 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays