[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
On Wednesday 09 March 2011 03:20:03 Fabio Pietrosanti (naif) wrote:
> On 3/9/11 3:35 AM, Robert Ransom wrote:
> We *really* need to find a technical way to be able to detect and block
> outgoing portscan from the TOR exit nodes.
How is the ISP detecting the portscan? Does it log failed connections? Does it
look for lots of addresses accessed in a small IP address range?
On Wednesday 09 March 2011 04:19:54 Fabio Pietrosanti (naif) wrote:
> And in such extremely finely tuned situation, block or
> strongly-rate-limit the traffic to the destination?
Rate-limiting the circuit (to one packet every 1 to 5 seconds) is something to
try. We could divide the number of failed connections by (number of
connection attempts +5), and if that goes above 50%, throttle the circuit.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays