[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Thu, 6 Oct 2016 06:29:02 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Oct 2016 08:29:22 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1475756945; bh=rnAT9OPiub/XQcTfTtcgGRCfaF3e5fSEAAtfyxdMkJc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=tHEuMoYTiqDqZU23aztxtTxk/qb32di/S/JVhmOx1WA8kw4I0KWUHJwqaOz/jzA9u 9QIjjmEKNhaIhR+nULZAF1nj2XazD13g9+iuDT8PbQueY5fYP3ORJBNZPxTHj88eIe 5R+0G1GHnrvVjtiRmVqkmS6nMaye6LdOgQ5P+Oeg=
In-reply-to: <6c002d4a-0925-bdc5-0ae7-271c0833e7b5@horus-it.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz> <001fe8c3-f0aa-213c-1a53-b0ee2ca13d3e@horus-it.de> <CALsPhAEu4BDhFaQiA_n3pYnoW9S9AUjRO2tXTf0z6dBRMnj8pg@mail.gmail.com> <48175d82-3d6b-af07-3a34-68e14cb89e3f@horus-it.de> <OC.aI3k.3kDF64MtEFK.1NzEok@seznam.cz> <aeeb7fda-3ab7-47ac-01da-629a85433482@horus-it.de> <20161005140303.GB8860@inner.h.apk.li> <9ac80711-df5e-74b8-f703-b344315ab52b@horus-it.de> <1S{.aI47.77c2emxFcO8.1NzYEM@seznam.cz> <10ced56b-d1ec-d693-c734-2bbacb19bea7@horus-it.de> <1Zt.aI4D.I3gdCeS1nZ.1NzYup@seznam.cz> <6c002d4a-0925-bdc5-0ae7-271c0833e7b5@horus-it.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 10/06/2016 05:39 AM, Ralph Seichter wrote:
> On 06.10.16 12:57, oconor@xxxxxxxx wrote:
> 
>> You probably will invest your time, but the ISP won't. The amount of
>> the problems is multiplying. Tor should evolve, or it will extinct
>> like dinosaurs.
> 
> I don't think that Tor has a problem. It works as designed. One might
> say that service providers have a problem dealing with Tor, because of
> the effort involved, or that complaining parties have a problem with
> Tor, because they don't understand or care that a Tor exit is not the
> real source of "bad traffic", or that they can block Tor based traffic
> by using the already existing information provided by the Tor project
> (see https://www.torproject.org/docs/faq-abuse.html.en#Bans).

Why does "real source" matter? To the extent that Tor works as designed,
the "real source" is unknown (ideally "unknowable"). What matters for
"complaining parties" is that they're getting crap from some exit relay.
So they complain.

> Pointing fingers is not going to help, and neither is implementing
> automated self-censorship on Tor exits. If somebody wants me to block
> his destination IP on my Tor exit nodes, he'll have to explicitly tell
> me so, and explain why he's not blocking my exit nodes instead.

Well, that's the other problem. Your exit nodes, on average, are not
much better or worse than others. Exit policy matters, I admit, but
exits that don't allow 80, 443, 22 and other mainstream ports are not
very useful. So more and more sites either block Tor exits entirely, or
label activity from them as fraudulent. Just telling complainers to
block Tor exits may resolve your issues, but it creates others.

Arguably, it's the complainers that should be implementing IPS and/or
other measures that block whatever they don't like. Rather than just
blocking Tor exits, or filing abuse reports. But expecting that to
happen is probably unrealistic.

> -Ralph
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter

References:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Andreas Krey
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by Author: Re: [tor-relays] cryptsetup some folders
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
Index(es):
- Author
- Thread