[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers



A while ago I had a lengthy dicussion with my ISP about this. They wanted me to run Snort on my exit to shut off variuos types of traffic coming from it. In the end I agreed only to allow encrypted protocols to exit, which placated them (and a subsequent bandwith limitation booted me out of the exit pool in any case).Â

But along the way I asked some others about the legal implications of doing what the ISP had asked. The rough consensus was that in the UK at least, I would only be able to evesdrop on traffic once consent had been given by those being monitored. Otherwise I'd be illegally wiretapping and open to prosecution. But it was far from clear what would happen if somebody took me a court!





On 12 June 2016 at 16:12, Dr Gerard Bulger <gerard@xxxxxxxxxxxx> wrote:
It is heresy to suggest that Exit relays do anything of a sort, that is
attempt to reject obvious attackers on an IP? Tor is neutral. Once TOR
exits attempts any filtering where would it stop? ÂIt is a slippery slope.
I think not, as to extend to other areas would far too complex and have
diminishing returns. DMCA complaints for example was waste of time, and not
all counties have copyright laws.

I know that everyone on the internet should secure their servers, and take
their own measures to block attacks, but too often those corporate measures
include an automated abuse complaint being sent out. No explaining to ISP
on what it means helps, as many of their staff are just too dumb and have to
play safe.

It is more than embarrassing to run an exit node and get abuse complaints
about persistent and repeated attacks on an IP. The intent is clearly
criminal. VPS providers in the UK are increasing intolerant in receiving
such complaints. The whole VPS can be closed down by the ISP/VPS provider
not forcing a closure of the TOR exit. Fewer ISPs will allow you to install
an exit node at all.

I am only wondering about blocking the obvious attacks or mass attacks to
block. ÂIs anyone developing such tools? Is it even possible? Those of us
who would wish to enact such software, if it could be made, would have a
flag on Tor Atlas stating that there is such a filter in place.

Gerry

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays