
Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata



Be that as it may, there must be something we can do about this as relay operators. If you get caught doing something illegal on your home Internet connection, there are warnings, and eventually consequences (like being disconnected). Just because you run a Tor relay doesn't mean the rules don't apply to you, and if we can't do anything to stop illegal activity, eventually relays are going to be disconnected.

I understand both sides of the argument, and why no solution would be perfect, but we need to figure something out. This problem will not go away on its own, and I expect it to only get worse as time goes on.

Personally, I don't like the idea of filtering traffic at the exit node, because it seems to undermine the whole purpose of Tor: unrestricted anonymous access. However, there must be some way to identify at least some malicious traffic, such as bots. If Tor relays start filtering traffic, I think it should be opt-in, and it should happen at the guard relay. That way not all relays filter by default, and if something gets blocked, it happens before it gets routed through the network.

Of course, we could always identify what constitutes filtering. As already stated, each exit relay has its own exit policy, so technically everyone already filters traffic based on port. If an IPS only logs non-identifiable information, I don't think it would compromise anonymity, but at the same time, people may not trust Tor if it starts scanning traffic.

On Wed, Oct 5, 2016 at 1:58 PM, Green Dream <greendream848@xxxxxxxxx> wrote:
@Mirimir:


>> IPS aren't perfect - they let some unwanted traffic through, and
>> block other traffic that is totally ok.


> That is an issue. But there are many exits, so eventually users should
> find one that works well enough for their purposes.


Re-read what you said and think about this from the user's
perspective. This is a recipe for disaster when it comes to Tor user
experience. Perhaps it seems suitable to you, as a technical person
and a relay operator, but just think about this problem for a barely
technical user, or someone new to Tor. What will actually happen is
people will try Tor, hit a shitty exit with random performance
problems from an IPS, log off and never use Tor again.

Tor needs all the help it can get with regard to usability and
reliability. It's gotten better over the years but I still get
circuits that are borderline unusable. Adding a hodgepodge of blocking
IPS systems into the mix isn't going to help this problem.

No offense to the ISP here (I do think they are within their rights to
take this position), but I think relay/exit operators should find ISPs
that understand Tor and don't demand an IPS.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



--
Finding information, passing it along. ~SuperSluether