[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
From: <oconor@xxxxxxxx>
Date: Thu, 06 Oct 2016 12:57:55 +0200 (CEST)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Oct 2016 06:58:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.cz; s=beta; t=1475751477; bh=vn6LypcLCRmCGiZW7+yrGsrN+qmM2C+WDZlm7Khyxg4=; h=Received:From:To:Subject:Date:Message-Id:References:Mime-Version: X-Mailer:Content-Type; b=DxFP90VmsZN4Y9j7XyUAMAYYCrD21gcXoup0nuzkc7FHC9dDHYl3XzT778KdXPT+w QEXeoFqy3XJz50fbG+cC8+R8F1MKE6DTtzwPEwujlTmZk6G6vnsKrYEJDmRxr/w2Ox VShXycOluwIw/r3yTGdp4WdXZIAuDMaX0xtwPAb8=
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz> <001fe8c3-f0aa-213c-1a53-b0ee2ca13d3e@horus-it.de> <CALsPhAEu4BDhFaQiA_n3pYnoW9S9AUjRO2tXTf0z6dBRMnj8pg@mail.gmail.com> <48175d82-3d6b-af07-3a34-68e14cb89e3f@horus-it.de> <OC.aI3k.3kDF64MtEFK.1NzEok@seznam.cz> <aeeb7fda-3ab7-47ac-01da-629a85433482@horus-it.de> <20161005140303.GB8860@inner.h.apk.li> <9ac80711-df5e-74b8-f703-b344315ab52b@horus-it.de> <1S{.aI47.77c2emxFcO8.1NzYEM@seznam.cz> <10ced56b-d1ec-d693-c734-2bbacb19bea7@horus-it.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

What have you been working with? :) When the IPS is working wrong, it's because of the admin ... :)

You probably will invest your time, but the ISP won't. The amount of the problems is multiplying. Tor should evolve, or it will extinct like dinosaurs.

I think that this IPS should be done by community (or at least the setting of some IPS product). It should be completely open and transparent - the code and rules.

---------- Původní zpráva ----------
Od: Ralph Seichter <tor-relays-ml@xxxxxxxxxxx>
Komu: tor-relays@xxxxxxxxxxxxxxxxxxxx
Datum: 6. 10. 2016 12:34:02
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

On 06.10.16 12:12, oconor@xxxxxxxx wrote:

> There is a possibility of parsing log of IPS a do actions with the
> policies.

I don't trust any IPS that I have seen so far to come up with smart
enough exit policies. If I were to use an IPS to dynamically limit
inbound traffic (on a non-Tor server) and the IPS gets things wrong,
only my own server is affected. If an IPS gets outbound Tor policies
wrong, it potentially affects a lot of people.

Manually dealing with complaints is a chore, but I am willing to invest
the necessary time and work to be able to make an informed decision. I
can understand that not every service provider has the manpower (or
willingness) to do the same, but I consider Tor's purpose to be too
important to leave decisions to a piece of software.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter

References:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Andreas Krey
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Index(es):
- Author
- Thread