[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How to protect yourself from network scanning

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] How to protect yourself from network scanning
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Wed, 01 Aug 2012 09:27:34 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 01 Aug 2012 03:27:00 -0400
In-reply-to: <E70DE958-ED88-4576-83F3-B8034F2F8405@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA+3+qbK3uv0S09ib9GJXsC5ssLFEkvong0ihH6dcpHJ5iKJbng@xxxxxxxxxxxxxx> <5018D877.1070201@xxxxxxxxxxxxxxx> <E70DE958-ED88-4576-83F3-B8034F2F8405@xxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20120614 Thunderbird/13.0.1

On 8/1/12 9:24 AM, Administrator wrote:
> 
> an easy way is to limit the amount of tcp connections at the same time on a edge router. this is usualy done to get rid of script kiddies which try to break into ssh by trying every possible password for root. if tcp init is however rate limited then its like a slow connection for opening sessions. this could affect outgoing http though so its smarter to exclude port 80 and 443 from it.

That way you will not catch scanning that goes across an entire netblock
on port 80 to look for a possible specific vulnerable web applications
(portscanning + application vulnerability check).

You need to look at very specific portscanning pattern, finely tuned so
that it would not risk to match also good tor traffic.

-naif
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] How to protect yourself from network scanning
  - From: Fabio Pietrosanti (naif)
- Re: [tor-relays] How to protect yourself from network scanning
  - From: Administrator

Prev by Author: Re: [tor-relays] How to protect yourself from network scanning
Next by Author: Re: [tor-relays] Call for discussion: turning funding into more exit relays
Previous by thread: Re: [tor-relays] How to protect yourself from network scanning
Next by thread: [tor-relays] Domain name based policies (was: Call for discussion: turning funding into more exit relays)
Index(es):
- Author
- Thread