
Re: [tor-relays] So long and thanks for all the abuse complaints



I think it is relevant.

There are two sides to creating a connection and traffic can be filtered on both ends.
On the initiator: any invalid outgoing packets can be filtered
On the receiver: any unexpected / invalid packets can be filtered

Just a question: how can the hoster determine whether a packet is part of a port scan or a valid connection request?
Unless the packet is mangled/invalid (e.g. out of sequence, like a FIN / SYN scan), it can't, as it is unaware of what services are running at the other end. Effectively, what the hoster is also doing is imposing a rate limit on the rate and number of connections.

On Tue, 5 Dec 2017 at 19:51 Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:
On 05.12.17 19:24, r1610091651 wrote:

> Having servers on-line and complaining about such things is just
> unreasonable and laziness on the operator side: don't want scans,
> then set up proper firewall rules. Done.

Your comment is not applicable in this particular case; please read my
other messages in this thread to see why.

-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
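
The distinction drawn in the reply above, as an added example that is not part of the original thread: a filter that sees only TCP headers can drop flag combinations that never open a valid connection, but a plain SYN looks the same whether it probes a port or starts a real session, so the only remaining control is a cap on new connections per source. The function names, the threshold values and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_opener(flags):
    """Classify a packet that matches no existing flow, by TCP flags alone."""
    flags &= 0x3F                       # ignore the ECN bits (ECE/CWR)
    if flags & SYN and not flags & (FIN | RST | ACK):
        return "syn"                    # valid opener: scan probe or real client
    return "invalid"                    # NULL, FIN-only, SYN+FIN, stray ACK, ...

def filter_outgoing(packets, max_new=5, window=1.0):
    """Return one verdict per packet: 'drop-invalid', 'allow' or 'drop-rate'.

    max_new and window are assumed values, not any hoster's real policy.
    """
    recent = defaultdict(list)          # src -> times of recently allowed SYNs
    verdicts = []
    for ts, src, _dst, _dport, flags in packets:
        if classify_opener(flags) == "invalid":
            verdicts.append("drop-invalid")
            continue
        times = [t for t in recent[src] if ts - t < window]
        if len(times) >= max_new:
            verdicts.append("drop-rate")    # too many new connections
        else:
            times.append(ts)
            verdicts.append("allow")        # indistinguishable from a scan probe
        recent[src] = times
    return verdicts

# Constructed sample (documentation addresses): one ordinary client, then a
# second source sending a FIN-only packet, a SYN+FIN packet and eight SYNs
# to consecutive ports within 80 ms.
SAMPLE = [
    (0.00, "192.0.2.10", "198.51.100.5", 443, SYN),
    (0.01, "192.0.2.20", "198.51.100.5", 80, FIN),
    (0.02, "192.0.2.20", "198.51.100.5", 80, SYN | FIN),
] + [(0.10 + i * 0.01, "192.0.2.20", "198.51.100.5", 20 + i, SYN)
     for i in range(8)]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, filter_outgoing(SAMPLE)):
        print(pkt, verdict)
```

The first five SYNs from the second source receive the same verdict as the ordinary client's SYN; only the connection count separates them.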