[tor-relays] Intrusion Prevention System Software - Snort or Suricata
Ralph Seichter
tor-relays-ml at horus-it.de
Thu Oct 6 13:23:38 UTC 2016
On 06.10.16 14:29, Mirimir wrote:
> What matters for "complaining parties" is that they're getting crap
> from some exit relay. So they complain.
Sure, and I don't have a problem with that. If I get complaints, I tell
the CP about Tor, and point them to the relevant information. All good
until that point.
> Just telling complainers to block Tor exits may resolve your issues,
> but it creates others.
It is a question of perspective. I don't have issues with a percentage
of "bad traffic" passing through my exits. I have come to accept this as
a unfortunate but necessary downside of how Tor works. The majority is
"good traffic", and that's why I -- like others -- support Tor in the
first place. I would not dream of removing ports 80 or 443 from my exit
policies just because some malicious clients are trying to break into
WordPress installations.
> Arguably, it's the complainers that should be implementing IPS and/or
> other measures that block whatever they don't like.
Quite so. If somebody places a server on the Internet, he accepts public
access. That includes the necessity to deal with "bad traffic" in one
way or other. Complaining to a Tor exit operator with "you are doing a
bad thing" is factually incorrect. I willingly help CPs if they show an
interest, because that is polite and helps the Tor project. However,
under national law, I do not have an obligation to block traffic until a
court tells me to. Obviously I have no interest in lawsuits and prefer
talking to people to find a solution. I just don't jump because some CP
says "hop". ;-)
-Ralph
More information about the tor-relays
mailing list