[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Markus Koch niftybunny at googlemail.com
Tue Oct 4 20:08:25 UTC 2016


Thank you very much, interesting. So I could block URLs but not on
deep packet inspection?

Markus


2016-10-04 22:04 GMT+02:00 Roger Dingledine <arma at mit.edu>:
> On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
>> Everyone is running a reduced exit policy ... I only allow HTTP +
>> HTTPS and I know nobody who allows port 25 .... at the end of the day
>> we all shape our exit traffic.
>
> Choosing what to do with your traffic based on headers is fundamentally
> different, legally, than choosing what to do with it based on payload.
>
> In the US, it's the difference between the "pen register" category and
> the "wiretap" category. I imagine there are similar terms in many other
> countries.
>
> In the telephone metaphor (which is what many of these laws are
> fundamentally based on), it's the difference between "I won't let you
> call Germany" and "when you call Germany, I'll cut the connection if
> you start talking about surveillance".
>
> You'll notice that all of the Tor mechanisms for limiting abuse work
> on the header level, not the payload level.
>
> --Roger
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


More information about the tor-relays mailing list