Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata



> On 9 Oct 2016, at 11:00, Markus Koch <niftybunny@xxxxxxxxxxxxxx> wrote:
> 
> Would not help. These are bots, you can slow them down but this will
> not stop them at all.

Ah, but the point isn't to stop the bots, it's to stop the abuse
complaints by coming in under the abuse report automated thresholds.

In my experience, the abuse complaints are auto-generated, and no-one
replies to my offer to block the site. So why not eliminate the
complaints? Then everyone will be happy. Except the bot-herders.

Tim

> 
> Markus
> 
> 
> 2016-10-09 1:57 GMT+02:00 teor <teor2345@xxxxxxxxx>:
>> 
>>> On 7 Oct 2016, at 05:07, Green Dream <greendream848@xxxxxxxxx> wrote:
>>> 
>>> If we're going to change anything I think it needs to happen within
>>> Tor software. Operators could leverage the existing "Exitpolicy
>>> reject" rules, or Tor could add functionality there if it's missing.
>>> Whatever we do, I think it needs to be uniform and transparent.
>> 
>> I had a conversation with someone at the recent tor meeting about
>> rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
>> popular sites, for example), but I wonder if there are rate-limiting
>> settings that would eliminate the majority of abuse reports based on
>> default fail2ban and similar reporting system settings.
>> 
>> For example, I wonder if the complaints I receive about SSH could be
>> eliminated by slowing down repeated SSH connections to the same host
>> by a second or so.
>> 
>> Clearly more research is needed to work out if this is even feasible,
>> and, if it is, what rate limits should apply to what ports.
>> 
>> T
>> 
>> --
>> Tim Wilson-Brown (teor)
>> 
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
