[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
From: Ralph Seichter <tor-relays-ml@xxxxxxxxxxx>
Date: Wed, 5 Oct 2016 17:18:52 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 05 Oct 2016 11:19:09 -0400
In-reply-to: <20161005140303.GB8860@inner.h.apk.li>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz> <001fe8c3-f0aa-213c-1a53-b0ee2ca13d3e@horus-it.de> <CALsPhAEu4BDhFaQiA_n3pYnoW9S9AUjRO2tXTf0z6dBRMnj8pg@mail.gmail.com> <48175d82-3d6b-af07-3a34-68e14cb89e3f@horus-it.de> <OC.aI3k.3kDF64MtEFK.1NzEok@seznam.cz> <aeeb7fda-3ab7-47ac-01da-629a85433482@horus-it.de> <20161005140303.GB8860@inner.h.apk.li>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 05.10.2016 16:03, Andreas Krey wrote:

> Everything to the OR port needs to pass in, esp. when you act as a
> guard, and fail2banning the ssh port, hmm. Everything else is closed
> anyway.

What I meant is that I can see a use for automation when it comes to
securing a server -- not necessarily a dedicated Tor node, which, like
you correctly mentioned, probably only has ports for SSH and Tor opened
anyway -- from malicious inbound traffic.

Outbound traffic is a different beast. In a Tor server context, I don't
see what kind of automation might be able to generate policies. Also, I
don't like the idea of automated (self-)censorship on Tor exits.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor

References:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Andreas Krey

Prev by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by Author: Re: [tor-relays] cryptsetup some folders
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Index(es):
- Author
- Thread