[tor-relays] Intrusion Prevention System Software - Snort or Suricata
Markus Koch
niftybunny at googlemail.com
Sun Oct 9 00:09:31 UTC 2016
I am more of a fan of closing certain URL paths. So we could at least
stop these very old Apache directory bug attacks. Or forbid accessing
whatever.com/admin/
Markus
2016-10-09 2:03 GMT+02:00 teor <teor2345 at gmail.com>:
>
>> On 9 Oct 2016, at 11:00, Markus Koch <niftybunny at googlemail.com> wrote:
>>
>> Would not help. These are bots, you can slow them down but this will
>> not stop them at all.
>
> Ah, but the point isn't to stop the bots, it's to stop the abuse
> complaints by coming in under the abuse report automated thresholds.
>
> In my experience, the abuse complaints are auto-generated, and no-one
> replies to my offer to block the site. So why not eliminate the
> complaints? Then everyone will be happy. Except the bot-herders.
>
> Tim
>
>>
>> Markus
>>
>>
>> 2016-10-09 1:57 GMT+02:00 teor <teor2345 at gmail.com>:
>>>
>>>> On 7 Oct 2016, at 05:07, Green Dream <greendream848 at gmail.com> wrote:
>>>>
>>>> If we're going to change anything I think it needs to happen within
>>>> Tor software. Operators could leverage the existing "Exitpolicy
>>>> reject" rules, or Tor could add functionality there if it's missing.
>>>> Whatever we do, I think it needs to be uniform and transparent.
>>>
>>> I had a conversation with someone at the recent tor meeting about
>>> rate-limiting Tor traffic. There are all sorts of drawbacks (blocking
>>> popular sites, for example), but I wonder if there are rate-limiting
>>> settings that would eliminate the majority of abuse reports based on
>>> default fail2ban and similar reporting system settings.
>>>
>>> For example, I wonder if the complaints I receive about SSH could be
>>> eliminated by slowing down repeated SSH connections to the same host
>>> by a second or so.
>>>
>>> Clearly more research is needed to work out if this is even feasible,
>>> and, if it is, what rate limits should apply to what ports.
>>>
>>> T
>>>
>>> --
>>> Tim Wilson-Brown (teor)
>>>
>>> teor2345 at gmail dot com
>>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>>> ricochet:ekmygaiu4rzgsk6n
>>> xmpp: teor at torproject dot org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
>
>
>
>
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
More information about the tor-relays
mailing list