[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Markus Koch niftybunny at googlemail.com
Tue Oct 4 20:28:27 UTC 2016


Okay, I am getting confused.
(OSI model here)

ATM we are traffic shaping/blocking at layer 3.

DNS is layer 7.

Destination IP and port should be layer 1-4, right?

Markus


2016-10-04 22:18 GMT+02:00 Roger Dingledine <arma at mit.edu>:
> On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
>> Thank you very much, interesting. So I could block URLs but not on
>> deep packet inspection?
>
> That's where it starts to get murky: where do headers end and contents
> begin? It depends what protocol layer you're looking at. Law-makers
> spend a lot of time debating exactly that question.
>
> In Tor's world, since Tor transports TCP streams, we think the headers
> are what the TCP layer thinks of as headers, e.g. destination IP and
> destination port. And the URL is way down in the payload. (After all,
> what business is it of Tor's whether that stream you send over port 80
> is http or is something else?)
>
> --Roger
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
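
The header/payload boundary discussed in this thread, as an added example that is not part of the original messages: it parses one constructed IPv4/TCP packet and returns the destination IP (IPv4 header, layer 3) and destination port (TCP header, layer 4) separately from the bytes above TCP, which is where the HTTP request line with the URL sits. The function names, addresses and sample request are assumptions made for illustration.

```python
import socket
import struct

def build_sample_packet():
    # Constructed sample: IPv4 + TCP headers (checksums left at 0) carrying an
    # HTTP request. Addresses are documentation ranges, not real hosts.
    payload = b"GET /some/page HTTP/1.1\r\nHost: example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    return ip + tcp + payload

def split_layers(packet):
    """Return (layer 3/4 header fields, everything above TCP) for one packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ip_len = (ver_ihl & 0x0F) * 4      # IHL is in 32-bit words; options make it > 20
    if ip_len < 20 or len(packet) < ip_len + 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off = struct.unpack("!HHIIB", packet[ip_len:ip_len + 13])
    tcp_len = (off >> 4) * 4           # data offset: where TCP's header ends
    if tcp_len < 20 or len(packet) < ip_len + tcp_len:
        raise ValueError("bad TCP data offset")
    headers = {
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),  # layer 3
        "src_port": sport, "dst_port": dport,                              # layer 4
    }
    return headers, packet[ip_len + tcp_len:total_len]

if __name__ == "__main__":
    hdrs, body = split_layers(build_sample_packet())
    print("visible in headers:", hdrs)
    print("only in payload:  ", body.split(b"\r\n")[0])
```

A filter that decides only on the returned header fields never reads the second return value; anything that matches on the URL has to read past the TCP data offset.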

