Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata
On 05.10.2016 14:06, oconor@xxxxxxxx wrote:
> Unfortunately for us (as an ISP) it's not just about passing these
> messages. If we don't want to be accused of not stopping something
> illegal we knew about, we need some feedback - what has been done to
> prevent this from happening in the future.
If you pass on the complaint to me, I'll give you the feedback that I
will deal with it (using "you" and "I" as examples, obviously). While I
do have the responsibility to verify that my server has not been
compromised, I am not obliged to provide detailed information on how I
deal with complaints. Also, just because some complaining party does not
like the traffic passing through my server, it does not mean that I
automatically have a legally binding obligation to prevent that traffic.
Don't get me wrong, I do take complaints seriously, and I always strive
to work with my ISPs to resolve issues in an amicable manner. However,
I do that because I choose to be a good netizen. Sometimes I don't do
anything at all, because it either does not make any sense or would
violate the "just passing through" concept (e.g. I never use any form
of traffic content inspection).
> It's really time consuming and that's why I would like to combine tor
> with some IPS for automation of the "policy set process".
I can see what motivates you. Personally, I can't think of a scenario
where I would use automation to set outbound traffic policies (inbound
traffic is a different matter, fail2ban comes to mind). I am interested
in other people's opinion regarding the prospect of an automated tool to
generate exit policies.
-Ralph
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays