[tor-relays] Intrusion Prevention System Software - Snort or Suricata

Mirimir mirimir at riseup.net
Wed Oct 5 07:38:13 UTC 2016


On 10/05/2016 01:27 AM, teor wrote:
> 
>> On 5 Oct 2016, at 18:10, <oconor at email.cz> <oconor at email.cz>
>> wrote:
>> 
>> We're back to IPS, which can drop the specific malicious traffic.
>> I've been speaking with the lawyer a few minutes ago. He told me
>> that there is a pressure to put all the responsibility for the
>> traffic on the ISPs. Well ... what are the ISPs most probably
>> going to do ... ? They can ban all tor exit nodes, or they will
>> force the owners to clear the traffic.
>> 
>> When you're worried about being accused, why don't you use fake
>> information during registration and payments with bitcoins? Then
>> you can also filter the traffic by IPS ... and everybody will be
>> happy.
> 
> There are a few things wrong with your suggested solution:
> * it's really, really hard to stay anonymous on the Internet as an
> individual, and impossible for many corporations (it's hard to be
> transparent about how you spend money as a charity, and be
> anonymous at the same time),

Truth.

> * if all Tor Exit Nodes are anonymous, ISPs may block them more,
> not less,

Yes. But at least there's less risk to exit operators.

> * filtering will likely get your Exit marked as a BadExit,

Yes, I get that. What happens if it's the hosting provider or their
ISP that does the filtering? With end-to-end encryption, of course,
it's less effective. But there are some pretty decent protocol detectors.

> * IPS aren't perfect - they let some unwanted traffic through, and
> block other traffic that is totally ok.

That is an issue. But there are many exits, so eventually users should
find one that works well enough for their purposes.

> Tim
> 
>> 
>> What should a tor exit op do? Ban the user? Exits get the traffic
>> from middle nodes and we can't tell (by design) who anyone is. We
>> can block IPs but that is not really helping with bots that try
>> to find vulnerabilities and scan large blocks.
>> 
>> markus
>> 
>> Sent from my iPad
>> 
>> On 4 Oct 2016, at 23:55, <oconor at email.cz> <oconor at email.cz>
>> wrote:
>> 
>> If I understand that well ... if a tor operator is aware that his
>> tor node is used for illegal activity (when their ISP told them
>> about that) and he's not going to do anything about that, he won't
>> be guilty by complicity?
>> 
>> 
>> On 04.10.16 22:37, oconor at email.cz wrote:
>> 
>>> Tor and IPS both have their own nature and you shouldn't be
>>> punished, if your intention was just to filter the bad
>>> traffic.
>> 
>> And who is to decide what constitutes "bad traffic"? I am not a
>> lawyer, but in Germany one of the cornerstones of not being held
>> responsible for traffic passing through a Tor node is § 8 of the
>> Telemediengesetz: http://www.gesetze-im-internet.de/tmg/__8.html
>> -- sometimes referred to colloquially as the "provider
>> privilege".
>> 
>> One only is free of responsibility if one neither initiates a
>> transfer, nor selects the transfer's destination, nor selects or
>> modifies the transmitted data. That's what "passing through"
>> means.
>> 
>> According to two lawyers I spoke to, exit policies might already
>> be borderline breaking these rules for exit nodes, but the
>> technical basis at least guarantees that traffic will never reach
>> an exit node that does not let it pass. Now think of a firewall
>> that interferes with transfers once the data has already reached
>> the exit node. Wouldn't you agree that this means
>> selecting/modifying the transmitted data?
>> 
>> That's just one national law that I am aware of, I imagine other 
>> countries have similar regulations in place. Any internet
>> service provider interfering with net neutrality risks lawsuits,
>> because it is not an ISP's prerogative to decide what traffic is
>> "good" or "bad".
>> 
>> -Ralph
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> T
> 
> -- Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C
> BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject
> dot org