[tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all

oconor at email.cz oconor at email.cz
Thu Oct 6 15:09:07 UTC 2016


You can't access suricata directly?


---------- Original message ----------

From: Tristan <supersluether at gmail.com>

To: tor-relays at lists.torproject.org

Date: 6. 10. 2016 17:02:19

Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata or no IPS at all


"

I may have just found a bigger problem: I can't access the Suricata rulesets
from my exit node. The website replies with "Error code 15, This request was
blocked by the security rules." When I try to wget the ruleset from my exit
node, I get error 403 forbidden.

Even if Suricata ships with some basic rulesets, it looks like I wouldn't be
able to update them, because they block Tor exit nodes. Any ideas how to get
around that?

On Thu, Oct 6, 2016 at 9:57 AM, <oconor at email.cz> wrote:

"
Our implementation of suricata is a little different. We've got one as IPS
(just a few rules) and a second as IDS (all rules (block of rules) are switched
on). In the log of the IDS we determine which chains should be filtered and then
we filter them one by one on the IPS. The main thing is not to cut off any of
the customers (in our case).


---------- Original message ----------

From: Tristan <supersluether at gmail.com>

To: tor-relays at lists.torproject.org

Date: 6. 10. 2016 16:50:33

Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata or no IPS at all


"

Suricata allows direct access via the Tor network, Snort's website gave me
multiple failed Captchas before I could access anything. I'm going to do
some further research before I even think about implementing anything.

How does one detect false positives when running an IPS? Do you just
frequently check the alerts and change the rules when necessary?

On Thu, Oct 6, 2016 at 9:45 AM, Ralph Seichter <tor-relays-ml at horus-it.de> wrote:

"On 06.10.16 16:24, oconor at email.cz wrote:

> The subject of this thread is: Intrusion Prevention System Software -
> Snort or Suricata

Fixed that for you. ;-)

> If the only thing you wanted to say was, that you're against that,
> we're probably done ;)

Stating that I oppose the idea of IPS as means of automatic censorship
of Tor exit nodes is part of the discussion.

-Ralph

_______________________________________________

tor-relays mailing list

tor-relays at lists.torproject.org

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

"


-- 

Finding information, passing it along. ~SuperSluether


"


"

-- 

Finding information, passing it along. ~SuperSluether

"
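The two-stage workflow oconor describes in the quoted message (a full-ruleset IDS whose log is reviewed, then individual rules promoted one at a time to the lightly-loaded IPS, without cutting off any customer) can be turned into a small review tool. The script below is an added example and is not code from the thread or from the Suricata project; it assumes the IDS writes Suricata's EVE JSON log (one object per line, `event_type` "alert", with `src_ip` and `alert.signature_id`) and that the IPS loads a plain rules file. All log lines and rules in it are constructed for illustration. It tallies alerts per signature, proposes only signatures that fired repeatedly from several distinct sources (a single noisy source is left alone, since it may be one customer's legitimate traffic), and rewrites just those rules from `alert` to `drop` for the IPS. The candidate list is meant for a human to review before the rewritten file is deployed.

```python
"""Staged promotion of IDS-reviewed signatures to an IPS ruleset (added example)."""
import json
import re
from collections import defaultdict


def _alert(src, sid, sig):
    """Build one constructed EVE JSON alert record (not real traffic)."""
    return json.dumps({"event_type": "alert", "src_ip": src, "dest_ip": "192.0.2.1",
                       "alert": {"signature_id": sid, "signature": sig}})


# Constructed stand-in for the IDS instance's eve.json.
# 2100001 fires from three different sources; 2100003 fires often but from a
# single source; 2100002 fires once. A non-alert event and a truncated line are
# included because both occur when tailing a live log.
SAMPLE_EVE_LINES = [
    _alert("198.51.100.7", 2100001, "EXAMPLE ssh brute force"),
    _alert("198.51.100.8", 2100001, "EXAMPLE ssh brute force"),
    _alert("198.51.100.9", 2100001, "EXAMPLE ssh brute force"),
    _alert("198.51.100.7", 2100001, "EXAMPLE ssh brute force"),
    _alert("203.0.113.5", 2100002, "EXAMPLE rare http anomaly"),
    _alert("203.0.113.9", 2100003, "EXAMPLE dns noise"),
    _alert("203.0.113.9", 2100003, "EXAMPLE dns noise"),
    _alert("203.0.113.9", 2100003, "EXAMPLE dns noise"),
    _alert("203.0.113.9", 2100003, "EXAMPLE dns noise"),
    _alert("203.0.113.9", 2100003, "EXAMPLE dns noise"),
    json.dumps({"event_type": "flow", "src_ip": "203.0.113.9"}),
    '{"event_type": "alert", "src_ip": "203.0.113.1", "al',
]

# Constructed rules file as loaded by the IPS instance (sids are placeholders).
SAMPLE_RULES = """\
alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE ssh brute force"; sid:2100001; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE rare http anomaly"; sid:2100002; rev:1;)
# comment lines are passed through untouched
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE dns noise"; sid:2100003; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def tally_alerts(lines):
    """Aggregate EVE alert events by signature id: hit count and distinct source IPs."""
    stats = defaultdict(lambda: {"signature": "", "count": 0, "sources": set()})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line from a log still being written; skip it
        if ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert") or {}
        sid = alert.get("signature_id")
        if sid is None:
            continue
        entry = stats[sid]
        entry["signature"] = alert.get("signature", "")
        entry["count"] += 1
        entry["sources"].add(ev.get("src_ip"))
    return dict(stats)


def select_candidates(stats, min_count=3, min_sources=2):
    """Signature ids that fired at least min_count times from at least min_sources IPs."""
    return sorted(sid for sid, s in stats.items()
                  if s["count"] >= min_count and len(s["sources"]) >= min_sources)


def promote_to_drop(rules_text, sids):
    """Rewrite 'alert' to 'drop' only for rules whose sid is in sids; keep everything else."""
    out = []
    for rule in rules_text.splitlines():
        m = SID_RE.search(rule)
        if m and int(m.group(1)) in sids:
            rule = re.sub(r"^(\s*)alert\b", r"\1drop", rule, count=1)
        out.append(rule)
    return "\n".join(out) + "\n"


def stage_rules(eve_lines, rules_text, min_count=3, min_sources=2):
    """Full pass: IDS log -> candidate sids -> IPS rules text. Returns (candidates, rules)."""
    stats = tally_alerts(eve_lines)
    candidates = select_candidates(stats, min_count, min_sources)
    return candidates, promote_to_drop(rules_text, set(candidates))


if __name__ == "__main__":
    cands, rules = stage_rules(SAMPLE_EVE_LINES, SAMPLE_RULES)
    print("candidates for drop:", cands)
    print(rules)
```

On the constructed input only sid 2100001 is proposed; 2100003 stays in alert mode on the IPS despite five hits because every hit came from one address. Lowering `min_sources` to 1 would promote it too, which is the knob to tighten or loosen depending on how much collateral blocking the operator is willing to accept.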