
Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata



On 10/05/2016 12:58 PM, Green Dream wrote:
> @Mirimir:
> 
> 
>>> IPS aren't perfect - they let some unwanted traffic through, and
>>> block other traffic that is totally ok.
> 
> 
>> That is an issue. But there are many exits, so eventually users should
>> find one that works well enough for their purposes.
> 
> 
> Re-read what you said and think about this from the user's
> perspective. This is a recipe for disaster when it comes to Tor user
> experience. Perhaps it seems suitable to you, as a technical person
> and a relay operator, but just think about this problem for a barely
> technical user, or someone new to Tor. What will actually happen is
> people will try Tor, hit a shitty exit with random performance
> problems from an IPS, log off and never use Tor again.

True. But increased risk of hitting bad exits is arguably better than
having fewer exits.

> Tor needs all the help it can get with regards to usability and
> reliability. It's gotten better over the years but I still get
> circuits that are borderline unusable. Adding a hodgepodge of blocking
> IPS systems into the mix isn't going to help this problem.

Yes, I do too. And I wouldn't be happy if poorly implemented IPS made
exits unpredictably unreliable. On the other hand, IPS that only blocked
automated crap would be a win for real users, relay operators and ISPs,
no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh
baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could
forget their username. But maybe after 10-20 tries, can't we safely
assume that they're brute forcing logins?

> No offense to the ISP here (I do think they are within their rights to
> take this position), but I think relay/exit operators should find ISPs
> that understand Tor and don't demand an IPS.
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
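
The "10-20 tries" threshold suggested in the reply above, as an added example (not part of the original message and not Tor, Snort or Suricata code). The 300-second window, the function names and the sample addresses are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

THRESHOLD = 20   # attempts; upper end of the "10-20 tries" in the message
WINDOW = 300.0   # seconds; assumed, the message names no time span

def flag_ssh_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """events: time-sorted (timestamp, dst_ip, dst_port) tuples, one per new
    outbound TCP connection. Returns [(dst_ip, time_threshold_crossed)].

    SSH usernames travel inside the encrypted session, so a network sensor
    can only count connections per destination, not distinct usernames.
    """
    recent = defaultdict(deque)   # dst_ip -> timestamps still inside the window
    flagged = {}                  # dst_ip -> first time the threshold was crossed
    for ts, dst, port in events:
        if port != 22:
            continue              # only SSH is counted in this sketch
        q = recent[dst]
        q.append(ts)
        while ts - q[0] > window: # expire attempts older than the window
            q.popleft()
        if len(q) > threshold and dst not in flagged:
            flagged[dst] = ts
    return sorted(flagged.items())

def sample_events():
    """Constructed sample traffic (documentation address ranges)."""
    events = []
    # A user retrying a forgotten username: 5 attempts, 30 s apart.
    events += [(30.0 * i, "192.0.2.10", 22) for i in range(5)]
    # Automated guessing: 40 attempts, 2 s apart.
    events += [(10.0 + 2.0 * i, "198.51.100.7", 22) for i in range(40)]
    # Slow guessing: 30 attempts, 60 s apart, stays under the threshold.
    events += [(60.0 * i, "203.0.113.5", 22) for i in range(30)]
    # Non-SSH traffic to the same host is ignored.
    events += [(float(i), "198.51.100.7", 443) for i in range(50)]
    return sorted(events)

if __name__ == "__main__":
    for dst, ts in flag_ssh_bursts(sample_events()):
        print(f"{dst}: more than {THRESHOLD} SSH connections within {WINDOW:.0f}s at t={ts}")
```

The slow run to 203.0.113.5 is never flagged, and because the count is per destination across all of an exit's users, a busy SSH host can cross the threshold without any one client brute forcing.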