
Re: [tor-relays] How to protect yourself from network scanning



On 8/1/12 9:24 AM, Administrator wrote:
> 
> An easy way is to limit the number of TCP connections at the same time on an edge router. This is usually done to get rid of script kiddies who try to break into SSH by trying every possible password for root. If TCP init is however rate limited, then it's like a slow connection for opening sessions. This could affect outgoing HTTP though, so it's smarter to exclude ports 80 and 443 from it.

That way you will not catch scanning that goes across an entire netblock
on port 80 to look for possible specific vulnerable web applications
(portscanning + application vulnerability check).

You need to look at a very specific portscanning pattern, finely tuned so
that it would not risk also matching good Tor traffic.

-naif
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
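
The kind of pattern match discussed in this message, as an added example that is not part of the original thread: it flags a destination /24 and port only when many distinct hosts in that block are contacted within a short window, which ordinary relay traffic to a few busy web servers does not do. The function names, the window and threshold values, and the sample connections (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW = 60      # seconds of history kept per (netblock, port); assumed tuning value
MIN_HOSTS = 20   # distinct hosts in one block that count as a sweep; assumed tuning value


def find_sweeps(conns, window=WINDOW, min_hosts=MIN_HOSTS, prefix=24):
    """conns: (timestamp, dst_ip, dst_port) tuples sorted by timestamp.

    Returns the set of (netblock, port) pairs in which at least `min_hosts`
    distinct destination addresses were contacted within `window` seconds.
    Connection volume alone never triggers it, only breadth inside one block.
    """
    recent = defaultdict(deque)   # (netblock, port) -> deque of (timestamp, ip)
    flagged = set()
    for ts, ip, port in conns:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        q = recent[(net, port)]
        q.append((ts, ip))
        while q and ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        if len({addr for _, addr in q}) >= min_hosts:
            flagged.add((str(net), port))
    return flagged


def sample_traffic():
    """Constructed sample: busy normal web traffic plus one sweep on port 80."""
    conns = []
    # 200 connections in about a minute to ports 80/443, but only three hosts.
    for i in range(200):
        conns.append((i * 0.3, f"198.51.100.{10 + i % 3}", 443 if i % 2 else 80))
    # Sweep: 40 different hosts in 192.0.2.0/24 on port 80, one per second.
    for i in range(40):
        conns.append((5 + i, f"192.0.2.{i + 1}", 80))
    return sorted(conns)


def slow_sweep():
    """Constructed sample: the same 40 hosts, but one every 10 seconds."""
    return [(i * 10, f"192.0.2.{i + 1}", 80) for i in range(40)]


if __name__ == "__main__":
    print("fast sweep:", find_sweeps(sample_traffic()))
    print("slow sweep:", find_sweeps(slow_sweep()))
```

The slow sweep goes unflagged with these values, which shows the tuning trade-off: widening the window or lowering the threshold catches it but moves the rule closer to matching legitimate traffic.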