[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata



On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
> Thank you very much, interesting. So I could block URLs but not on
> deep packet inspection?

That's where it starts to get murky: where do headers end and contents
begin? It depends what protocol layer you're looking at. Law-makers
spend a lot of time debating exactly that question.

In Tor's world, since Tor transports TCP streams, we think the headers
are what the TCP layer thinks of as headers, e.g. destination IP and
destination port. And the URL is way down in the payload. (After all,
what business is it of Tor's whether that stream you send over port 80
is http or is something else?)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays