[tor-relays] Network Scan through Tor Exit Node (Port 80) - PORTSCAN
cmeclax-sazri
cmeclax-sazri at ixazon.dynip.com
Wed Mar 9 14:28:17 UTC 2011
On Wednesday 09 March 2011 03:20:03 Fabio Pietrosanti (naif) wrote:
> On 3/9/11 3:35 AM, Robert Ransom wrote:
> We *really* need to find a technical way to be able to detect and block
> outgoing portscan from the TOR exit nodes.
How is the ISP detecting the portscan? Does it log failed connections? Does it
look for lots of addresses accessed in a small IP address range?
On Wednesday 09 March 2011 04:19:54 Fabio Pietrosanti (naif) wrote:
> And in such extremely finely tuned situation, block or
> strongly-rate-limit the traffic to the destination?
Rate-limiting the circuit (to one packet every 1 to 5 seconds) is something to
try. We could divide the number of failed connections by (number of
connection attempts +5), and if that goes above 50%, throttle the circuit.
More information about the tor-relays
mailing list