On Tue, Sep 15, 2015 at 22:36:27 +0200, butary@xxxxxx wrote:
> So I decided to go a controversial way - I installed an IDS/IPS +
> strong firewall rules.
> The log file contains a huge amount of rejected traffic. Most of the
> time, Botnet traffic and shortly rising WordPress attacks.
>
> I'm not happy with my decision but it smoothed my ISP because they
> received less abuse reports.
>
You log traffic and block addresses with a firewall based on what
the IDS/IPS consider bad?
Please stop and consider running a middle relay or bridge instead of
logging and breaking connections for clients.
> If someone has a more elegant solution, please advice me.
Try to educate or change ISP. Exits can unfortunately not be operated
from all networks.
Exit operators could try to maintain an (incomplete) list of addresses
that often causes complains for traffic from exits. They could choose
to block them using torrc. Might help a little with the ISP if the
complains does not come repeatedly from the same source.
But traffic would move to fewer exits and they would get more
complains. This is probably a bad idea and not a solution. Worse than
not running an exit to some destinations from that network? I do not
know.
Regards,
Johan
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays