[tor-relays] Intrusion Prevention System Software - Snort or Suricata
teor
teor2345 at gmail.com
Sat Oct 8 23:57:17 UTC 2016
> On 7 Oct 2016, at 05:07, Green Dream <greendream848 at gmail.com> wrote:
>
> If we're going to change anything I think it needs to happen within
> Tor software. Operators could leverage the existing "Exitpolicy
> reject" rules, or Tor could add functionality there if it's missing.
> Whatever we do, I think it needs to be uniform and transparent.
I had a conversation with someone at the recent tor meeting about
rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
popular sites, for example), but I wonder if there are rate-limiting
settings that would eliminate the majority of abuse reports based on
default fail2ban and similar reporting system settings.
For example, I wonder if the complaints I receive about SSH could be
eliminated by slowing down repeated SSH connections to the same host
by a second or so.
Clearly more research is needed to work out if this is even feasible,
and, if it is, what rate limits should apply to what ports.
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20161009/46515245/attachment.sig>
More information about the tor-relays
mailing list