
Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata



On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
> Everyone is running a reduced exit policy ... I only allow HTTP +
> HTTPS and I know nobody who allows port 25 .... at the end of the day
> we all shape our exit traffic.

Choosing what to do with your traffic based on headers is fundamentally
different, legally, than choosing what to do with it based on payload.

In the US, it's the difference between the "pen register" category and
the "wiretap" category. I imagine there are similar terms in many other
countries.

In the telephone metaphor (which is what many of these laws are
fundamentally based on), it's the difference between "I won't let you
call Germany" and "when you call Germany, I'll cut the connection if
you start talking about surveillance".

You'll notice that all of the Tor mechanisms for limiting abuse work
on the header level, not the payload level.

--Roger
