> On Sep 9, 2022, at 10:54 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> On Fri, Sep 09, 2022 at 11:23:18PM +1000, Simon Wilson wrote:
>
>> I have no insight into why security firms, government departments,
>> etc. recommend to block what they do.
>
> Note that the recommendations you quoted, suggest blocking Tor *exit*
> nodes. While the service you're using seems to go above and beyond...
>
> Still, if this becomes an issue for enough users, we may have to do
> something. For now, just one report is not a cause for alarm IMHO.

Also it seems odd that the OP is running IDS/IPS on *outbound* traffic. That seems a bit odd.

If you accept the premise that Tor exit nodes are exit points for all sorts of villainy and CP (I mean, they are, but there’s also legitimate traffic), the idea is that if you run some type of public-facing service, you may opt to restrict access if you find Tor exit nodes are a regular source of abuse. But blocking *outbound* traffic to an IP (probably a full subnet) that may share other services seems unwise.

But this is Ubiquiti we’re talking about, so it would not surprise me at all that they’re just grabbing some random list and doing silly things with it.

Charles

>
> --
> Viktor.