[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
From: Tristan <supersluether@xxxxxxxxx>
Date: Thu, 6 Oct 2016 09:49:48 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Oct 2016 10:50:09 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=o5yetWWO/S0GlzteUMf3e02Vx073i8H18jpW6g241Hw=; b=Ybv4JKDkrT4hWlvv1bpJAMsJqGqO6i8HnUjkfK30QGFyyJf1tHNtDNaQDCWR8uNaTE cbKMVgPkO3jo+Zama+7svCfjnAOSFTjhXLV4pfezGy+jqAWnhD/ueH+1hRYM74Ga8rYY a9nWEdSzgRdBRyqOJz7LKrh/Dq8QgGJDuiLJST5bBam0HERH0HzH45uYt45/9wZQ+h2+ 2is60AJT8IOnBY2t224+F62AZsJi3JFXJNDkH7Dp5NTYYxFgQ/eGSH0wVWlVM8rVD3Om mfi6qq9zWZl/NOVM4n+9s1gscfLgsfS7IUdll4UgQFXdMfjpaD6N6VC/GwyT1KDnGiXU xjJA==
In-reply-to: <97673889-263e-d250-53b6-a0570ad2e480@horus-it.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA709144-51E7-485B-B87B-1599DF978545@brazoslink.net> <20161004194234.GB17094@moria.seul.org> <Vhw.aI2o.5T3qSOk7W3J.1Nz1C1@seznam.cz> <8e7f739a-7879-099b-a1c1-792b9ce089b5@horus-it.de> <VnI.aI2{.6Clab1ZXq93.1Nz2LK@seznam.cz> <001fe8c3-f0aa-213c-1a53-b0ee2ca13d3e@horus-it.de> <CALsPhAEu4BDhFaQiA_n3pYnoW9S9AUjRO2tXTf0z6dBRMnj8pg@mail.gmail.com> <48175d82-3d6b-af07-3a34-68e14cb89e3f@horus-it.de> <OC.aI3k.3kDF64MtEFK.1NzEok@seznam.cz> <aeeb7fda-3ab7-47ac-01da-629a85433482@horus-it.de> <20161005140303.GB8860@inner.h.apk.li> <9ac80711-df5e-74b8-f703-b344315ab52b@horus-it.de> <1S{.aI47.77c2emxFcO8.1NzYEM@seznam.cz> <10ced56b-d1ec-d693-c734-2bbacb19bea7@horus-it.de> <1Zt.aI4D.I3gdCeS1nZ.1NzYup@seznam.cz> <6c002d4a-0925-bdc5-0ae7-271c0833e7b5@horus-it.de> <1tQ.aI4N.F7a0SsOzv{.1NzaTq@seznam.cz> <2b9548a4-83a3-7e71-3730-ff6cd45f8a44@horus-it.de> <27n.aI4P.4SdxmqnElbL.1NzbwT@seznam.cz> <97673889-263e-d250-53b6-a0570ad2e480@horus-it.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Suricata allows direct access via the Tor network, Snort's website gave me multiple failed Captchas before I could access anything. I'm going to do some further research before I even think about implementing anything.

How does one detect false positives when running an IPS? Do you just frequently check the alerts and change the rules when necessary?

On Thu, Oct 6, 2016 at 9:45 AM, Ralph Seichter <tor-relays-ml@xxxxxxxxxxx> wrote:

On 06.10.16 16:24, oconor@xxxxxxxx wrote:

> The subject of this thread is: Intrusion Prevention System Software -
> Snort or Suricata

Fixed that for you. ;-)

> If the only thing you wanted to say was, that you're against that,
> we're probably done ;)

Stating that I oppose the idea of IPS as means of automatic censorship
of Tor exit nodes is part of the discussion.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Finding information, passing it along. ～SuperSluether

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
  - From: oconor

References:
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: BlinkTor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Roger Dingledine
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Markus Koch
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Andreas Krey
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: Ralph Seichter
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
  - From: oconor
- Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] Dealing with OVH Abuse Complaints
Next by Author: Re: [tor-relays] Linux kernel vulnerability
Previous by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
Next by thread: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
Index(es):
- Author
- Thread