[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
From: <oconor@xxxxxxxx>
Date: Wed, 05 Oct 2016 14:06:06 +0200 (CEST)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 05 Oct 2016 08:06:22 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.cz; s=beta; t=1475669167; bh=IZL35rE4fEtWNKQeRTLEu59BSxq7ZLcGwXRx4jFkxHM=; h=Received:From:To:Subject:Date:Message-Id:References:Mime-Version: X-Mailer:Content-Type; b=XOPmAsXfhJfZ6tX3JC6niA4XsEwWUMXbWwIWq3oPkUNF/anCVh6AHGg5ZptarAkGu gflvadPzJ7TM2rO9zYAHGrgscnoMrKWgXBNEP8nWCTUfwF3C3imVpWl7/NCyecpwE5 keU/ZL2wJHhjyjSgCjFcEcssUF+haCh4iJo9/TIU=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <9c712fac-bcd4-41eb-0aeb-f4b2bf03d967@web.de> <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz> <001fe8c3-f0aa-213c-1a53-b0ee2ca13d3e@horus-it.de> <CALsPhAEu4BDhFaQiA_n3pYnoW9S9AUjRO2tXTf0z6dBRMnj8pg@mail.gmail.com> <48175d82-3d6b-af07-3a34-68e14cb89e3f@horus-it.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Unfortunately for us (as an ISP) it's not just about passing these messages. If we don't want to be accused from not stopping something illegal we knew about, we need some feedback - what have been done to prevent this to happen in the future. If there is no feedback, we usualy disconnect the server from network.Anyway blocking ips via policy isn't usualy sufficient and the problem will appear soon again. Then we also randomly monitor the traffic to se if it is really clean as promissed. It's really time consuming and that's why I would like to combine tor with some IPS for automation of the "policy set process".

On 05.10.16 13:16, Markus Koch wrote:

> reality is many sites will not block Tor traffic but will send
> (automated) abuse mails over and over and over again.

True, sadly. And like you said it is their right not to block Tor based
traffic. But it is your right not to heed their ongoing complaints and
sabre-rattling, like it is your right to voluntarily update your exit
policies. My point is that none of these choices requires your ISP to
spend time, money or even thought on the issue, all that is required is
passing it along to the Tor operators.

-Ralph

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter

References:
- [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: pa011
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Index(es):
- Author
- Thread