[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
From: Alecks Gates <alecks.g@xxxxxxxxx>
Date: Tue, 04 Oct 2016 17:15:37 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Oct 2016 18:15:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:subject:from:to:date:in-reply-to:references:mime-version; bh=oSQV2/0++4YsIcAt7XFGoh3fpMy1Gsjsh1jsytVNz4g=; b=ZpJWx4Ur590Z/oKxeBsl5i9sZIEnFKvosgCwWYsfGcihoXsAyfEQdgzkp44R9v67o6 5iiruFcKO+l9WfxQPJWKwLvK3MW0GCCZvPlHYM5CWx3+VX5WxX4F8+m5XrDkgHTuFfjh 3M0QYc4kbkS9psRP2xlbNUfTtiPmuCds5K9dYqGpDBzgy2am378orIRF4kFaVa/fdYyI hDqO3/OWnCY8PeiCiIFTCSiXrIV4a/3bjHEi0+YO7r+gWzCii2RgqxJOpaCouiCjZ1s4 z2vuGimTQ0OFB3Iu+fQir4Ot+i6Pky0zTpA348FbozM1Z/tapdepxGOry+9wCyORdleb c7zQ==
In-reply-to: <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <9c712fac-bcd4-41eb-0aeb-f4b2bf03d967@web.de> <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Is the distinction between knowledge after the fact and knowledge at the time of occurence of "bad traffic" not important?

I'm all for reducing bad traffic, but where does the line get drawn?

I've also been dealing with multiple abuse reports on Digital Ocean. Quite a few common abuse ports are already disallowed (in fact I have only a small white list); most of the problems originate from port 80. And of course there's nothing we can do for encrypted web traffic anyway.

For what it's worth, I'm glad this thread came up and I've notified Digital Ocean of it in one of my support tickets.

It's really not up to lowly little me to decide whos traffic gets to pass.

Alecks Gates

On Tue, 2016-10-04 at 23:55 +0200, oconor@xxxxxxxx wrote:

If I understand that well ... if tor operator is avare, that his tor node is used for illegal activity (when their ISP told them about that) and he's not going to do anything abou that, he wont be guity by complicity?

On 04.10.16 22:37, oconor@xxxxxxxx wrote:

> Tor and IPS has both it's own nature and you shouldn't be punished, if
> your intension was just to filter the bad traffic.

And who is to decide what constitutes "bad traffic"? I am not a lawyer,
but in Germany one of the cornerstones of not being held responsible
for traffic passing through a Tor node is § 8 of the Telemediengesetz:
http://www.gesetze-im-internet.de/tmg/__8.html -- sometimes referred to
colloquially as the "provider privilege".

One only is free of responsibility if one neither initiates a transfer,
nor selects the transfer's destination, nor selects or modifies the
transmitted data. That's what "passing through" means.

According to two lawyers I spoke to, exit policies might already be
borderline breaking these rules for exit nodes, but the technical basis
at least guarantees that traffic will never reach an exit node that does
not let it pass. Now think of a firewall that interferes with transfers
once the data has already reached the exit node. Wouldn't you agree that
this means selecting/modifiying the transmitted data?

That's just one national law that I am aware of, I imagine other
countries have similar regulations in place. Any internet service
provider interfering with net neutrality risks lawsuits, because it is
not an ISP's prerogative to decide what traffic is "good" or "bad".

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: pa011
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor

Prev by Author: Re: [tor-relays] Digital Ocean - running Exit node locked
Next by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Index(es):
- Author
- Thread