I am more of a fan of closing certain URL paths. So we could at least
stop these very old Apache directory bug attacks. Or forbid accessing
whatever.com/admin/
Markus
2016-10-09 2:03 GMT+02:00 teor :
>
>> On 9 Oct 2016, at 11:00, Markus Koch wrote:
>>
>> Would not help. These are bots, you can
> On 9 Oct 2016, at 11:00, Markus Koch wrote:
>
> Would not help. These are bots, you can slow them down but this will
> not stop them at all.
Ah, but the point isn't to stop the bots, it's to stop the abuse
complaints by coming in under the abuse report automated thresholds.
In my experience,
True, but slowing them down could still be useful.
At any rate, Suricata is a no-go for low-end relays that only have 500MB of
RAM. It just hammers the pagefile.
On Sat, Oct 8, 2016 at 7:00 PM, Markus Koch
wrote:
> Would not help. These are bots, you can slow them down but this will
> not stop
Would not help. These are bots, you can slow them down but this will
not stop them at all.
Markus
2016-10-09 1:57 GMT+02:00 teor :
>
>> On 7 Oct 2016, at 05:07, Green Dream wrote:
>>
>> If we're going to change anything I think it needs to happen within
>> Tor software. Operators could leverage
> On 7 Oct 2016, at 05:07, Green Dream wrote:
>
> If we're going to change anything I think it needs to happen within
> Tor software. Operators could leverage the existing "Exitpolicy
> reject" rules, or Tor could add functionality there if it's missing.
> Whatever we do, I think it needs to be
@oconor:
> Let me ask you a short question. Have you ever worked with IPS?
Yes. Please see my later email in this thread. I have experience with
Snort, Bro and proprietary IPS/IDS systems from Cisco and Palo Alto. I
also worked at a university's network operations helpdesk, where we
received hun
relays@lists.torproject.org
> Datum: 6. 10. 2016 17:02:19
> Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
> Suricata or no IPS at all
>
> I may have just found a bigger problem: I can't access the Suricata
> rulesets from my exit node. The website
You can't access suricata directly?
-- Původní zpráva --
Od: Tristan
Komu: tor-relays@lists.torproject.org
Datum: 6. 10. 2016 17:02:19
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata or no IPS at all
"
I may have just foun
ráva --
> Od: Tristan
> Komu: tor-relays@lists.torproject.org
> Datum: 6. 10. 2016 16:50:33
> Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
> Suricata or no IPS at all
>
> Suricata allows direct access via the Tor network, Snort's website gave
ut of any of
the customers (in our case).
-- Původní zpráva --
Od: Tristan
Komu: tor-relays@lists.torproject.org
Datum: 6. 10. 2016 16:50:33
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata or no IPS at all
"
Suricata allows dir
Suricata allows direct access via the Tor network, Snort's website gave me
multiple failed Captchas before I could access anything. I'm going to do
some further research before I even think about implementing anything.
How does one detect false positives when running an IPS? Do you just
frequently
On 06.10.16 16:24, oco...@email.cz wrote:
> The subject of this thread is: Intrusion Prevention System Software -
> Snort or Suricata
Fixed that for you. ;-)
> If the only thing you wanted to say was, that you're against that,
> we're probably done ;)
Stating that I oppose the idea of IPS as me
re against that, we're probably
done ;)
-- Původní zpráva --
Od: Ralph Seichter
Komu: tor-relays@lists.torproject.org
Datum: 6. 10. 2016 15:39:55
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata
"On 06.10.16 14:45, oco...@email
On 06.10.16 14:45, oco...@email.cz wrote:
> It's apparent, that you're definitely not going to solve that ...
> you're more into searching reasons why not to do that, than possibility
> how to do that :)
It is not my job to solve "that", whatever that is exactly. ;-)
> (btw you haven't mentioned
> On Oct 6, 2016, at 7:45 AM, wrote:
>
> - The traffic going out of tor exit nodes in our network is even worse that
> the one which is comming out of the internet. Paul who started this thread
> has constant flow over 50kpps. It consists mostly from various DoS attacks +
> exploits against
On 06.10.16 14:29, Mirimir wrote:
> What matters for "complaining parties" is that they're getting crap
> from some exit relay. So they complain.
Sure, and I don't have a problem with that. If I get complaints, I tell
the CP about Tor, and point them to the relevant information. All good
until th
Ralph Seichter
Komu: tor-relays@lists.torproject.org
Datum: 6. 10. 2016 13:39:54
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata
"On 06.10.16 12:57, oco...@email.cz wrote:
> You probably will invest your time, but the ISP won't. The amount of
On 10/06/2016 05:39 AM, Ralph Seichter wrote:
> On 06.10.16 12:57, oco...@email.cz wrote:
>
>> You probably will invest your time, but the ISP won't. The amount of
>> the problems is multiplying. Tor should evolve, or it will extinct
>> like dinosaurs.
>
> I don't think that Tor has a problem. It
On 06.10.16 12:57, oco...@email.cz wrote:
> You probably will invest your time, but the ISP won't. The amount of
> the problems is multiplying. Tor should evolve, or it will extinct
> like dinosaurs.
I don't think that Tor has a problem. It works as designed. One might
say that service providers
Intrusion Prevention System Software - Snort or
Suricata
"On 06.10.16 12:12, oco...@email.cz wrote:
> There is a possibility of parsing log of IPS a do actions with the
> policies.
I don't trust any IPS that I have seen so far to come up with smart
enough exit policies.
On 06.10.16 12:12, oco...@email.cz wrote:
> There is a possibility of parsing log of IPS a do actions with the
> policies.
I don't trust any IPS that I have seen so far to come up with smart
enough exit policies. If I were to use an IPS to dynamically limit
inbound traffic (on a non-Tor server) a
Od: Green Dream
Komu: tor-relays@lists.torproject.org
Datum: 5. 10. 2016 23:18:55
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata
"@Tristan:
> there must be something we can do about this as relay
> operators.
No, we don't need to
On 10/05/2016 10:43 PM, Green Dream wrote:
for i in subdir/*; do ssh host mkdir -p "$i"; done
with an ssh-agent would look pretty exactly the same to the exit node.
>>>
>>> OK, so I left out the "Permission denied, please try again." bits :)
>>
>> The exit node doesn't see that - t
Let me ask you a short question. Have you ever worked with IPS?
-- Původní zpráva --
Od: Green Dream
Komu: tor-relays@lists.torproject.org
Datum: 5. 10. 2016 20:58:36
Předmět: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata
"@Mirimir:
&
There is a possibility of parsing log of IPS a do actions with the policies.
"On 05.10.2016 16:03, Andreas Krey wrote:
> Everything to the OR port needs to pass in, esp. when you act as a
> guard, and fail2banning the ssh port, hmm. Everything else is closed
> anyway.
What I meant is that I can
Or you simply block port 22 and everyone everyone lived happily ever after.
I do not care about a script kiddie trying to hack something.
Bots are what I am afraid of, you get the same abuse over and over and over.
Markus
2016-10-06 6:43 GMT+02:00 Green Dream :
>>> > for i in subdir/*; do ssh
>> > for i in subdir/*; do ssh host mkdir -p "$i"; done
>> >
>> > with an ssh-agent would look pretty exactly the same to the exit node.
>>
>> OK, so I left out the "Permission denied, please try again." bits :)
>
> The exit node doesn't see that - that's the point of ssh. It can
> at best look a
On Wed, 05 Oct 2016 14:52:53 +, Mirimir wrote:
...
> >> no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh
> >> baz@w.x.y.z ..." get through, if it destroys exits? Maybe someone could
...
> > for i in subdir/*; do ssh host mkdir -p "$i"; done
> >
> > with an ssh-agent would look
On 05/10/16 06:20 PM, Green Dream wrote:
Criminals using Tor is not a new problem. It's addressed as the first
question in the Abuse FAQ, here:
https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutCriminals
and it's discussed by the EFF here:
https://www.eff.org/deeplinks/2014/07/7-things-
Well, this sentence from the EFF gives me some peace of mind: "You are not
helping criminals by using Tor any more than you are helping criminals by
using the Internet."
I still wish there was a better way to handle things, but at this point I'm
just begging the question.
On Wed, Oct 5, 2016 at 5
> I'm being to think there is no real solution to the problem. As long as Tor
> serves its purpose of providing uncensored access to the Internet, bad guys
> will always abuse it, and the operators will almost always be at odds with
> their ISP. Anything we try to do to block abuse will destroy the
Then what _can_ we do? Because as it stands, Tor is the perfect tool for
criminals, and your stand is "do nothing." An ISP can trace illegal
activity to a user, we can't. Even if Tor is considered an ISP in that
sense, the rules vary by country, maybe even by provider.
I'm being to think there is
@Markus
Okay, so you are offended by the phrase "it's that simple". Sorry, if
I could remove that sentence I would. I didn't mean to imply that
running an exit was trivial or easy.
Otherwise, I stand by my argument -- automated filtering or blocking
is not the right answer. The co-founder of Tor
No, you are not. Its not that simple as "just find a ISP"
The Tor network is made up of volunteers, so you need a:
1. ISP with more than laughable traffic limits
2. Tor friendly
3. Cheap
4. and with traffic connections that the Tor network likes
Thats not easy. OVH (the biggest in Tor) is pissed
On 05.10.16 23:18, Green Dream wrote:
> Yes we need to be responsive to abuse complaints, but no, we don't
> have to implement IPS systems or proactively block traffic just to
> appease an ISP who gets stressed out by automated abuse complaints.
That. Blocking traffic should be a last resort, and
> You are ignoring completely reality, aren't you?
No, I'm describing the status quo, how Tor already operates. "Don't
run IPS/Snort on exits" has been a long standing response from the Tor
folks. It looks to me like that response is essentially unchanged.
_
>
>
> No, we don't need to do anything. Tor has been running under these
> principles of uncensored access for a long time. Find an ISP that
> understands Tor, appreciates the nature of the service and its value,
> and is willing to work with you in a reasonable manner on abuse
> complaints. It's t
@Tristan:
> there must be something we can do about this as relay
> operators.
No, we don't need to do anything. Tor has been running under these
principles of uncensored access for a long time. Find an ISP that
understands Tor, appreciates the nature of the service and its value,
and is willing
On 10/05/2016 02:39 PM, Andreas Krey wrote:
> On Wed, 05 Oct 2016 13:48:19 +, Mirimir wrote:
> ...
>> exits unpredictably unreliable. On the other hand, IPS that only blocked
>> automated crap would be a win for real users, relay operators and ISPs,
>> no? Why should "... ssh foo@w.x.y.z ... ss
On Wed, 05 Oct 2016 13:48:19 +, Mirimir wrote:
...
> exits unpredictably unreliable. On the other hand, IPS that only blocked
> automated crap would be a win for real users, relay operators and ISPs,
> no? Why should "... ssh foo@w.x.y.z ... ssh bar@w.x.y.z ... ssh
> baz@w.x.y.z ..." get throug
On 10/05/2016 12:58 PM, Green Dream wrote:
> @Mirimir:
>
>
>>> IPS aren't perfect - they let some unwanted traffic through, and
>>> block other traffic that is totally ok.
>
>
>> That is an issue. But there are many exits, so eventually users should
>> find one that works well enough for their
Be that as it may, there must be *something* we can do about this as relay
operators. If you get caught doing something illegal on your home Internet
connection, there are warnings, and eventually consequences (like being
disconnected). Just because you run a Tor relay doesn't mean the rules
don't
These are getting rare. It is much easier to get a seedbox than a tor
exit. I had even bulletproof ISPs who dont want to host exits. Believe
me, I was chatting /mailing ISPs for days and its a mess.
Markus
PS: Tor changed years ago the exit policy and since then Tor is not
anymore one big torrent
@Mirimir:
>> IPS aren't perfect - they let some unwanted traffic through, and
>> block other traffic that is totally ok.
> That is an issue. But there are many exits, so eventually users should
> find one that works well enough for their purposes.
Re-read what you said and think about this fr
On 05.10.2016 16:03, Andreas Krey wrote:
> Everything to the OR port needs to pass in, esp. when you act as a
> guard, and fail2banning the ssh port, hmm. Everything else is closed
> anyway.
What I meant is that I can see a use for automation when it comes to
securing a server -- not necessarily
On Wed, 05 Oct 2016 15:40:49 +, Ralph Seichter wrote:
...
> I can see what motivates you. Personally, I can't think of a scenario
> where I would use automation to set outbound traffic policies (inbound
> traffic is a different matter, fail2ban comes to mind).
How this? Everything to the OR po
On 05.10.2016 14:06, oco...@email.cz wrote:
> Unfortunately for us (as an ISP) it's not just about passing these
> messages. If we don't want to be accused from not stopping something
> illegal we knew about, we need some feedback - what have been done to
> prevent this to happen in the future.
I
I wish I had spare time for doing that magic ... I think, that easier
solution for me as an ISP is to shut the node down.
-- Původní zpráva --
Od: Markus Koch
Komu: tor-relays
Datum: 5. 10. 2016 15:07:37
Předmět: Re: [tor-relays] Intrusion Prevention System Software
Okay, I´ll volunteer as an guinea pig if you are okay with it, I´ll
get 2 VPSs and you do your Snort magic on them. Worst case is that we
all know it isnt working and we have learned something :)
Markus
2016-10-05 14:06 GMT+02:00 :
It's really time consuming and that's
> why I would like to c
Nope I'm speaking generally about frauds we have to solve. Just few cases
were connected directly to offenders who run tor on fake ID and use it
purpousely as a cover for illegal activity. Other cases usualy use tor as a
medium to anonymize their activity (unfortunately no IPS would help here).
But this is not only related to Tor sites? May I asked for your
websites so I can understand why you get so much fraud? Working with
an ISP years ago, we didnt had this issue so often. There were users
not paying but it was less fraud and more broke.
Markus
2016-10-05 13:19 GMT+02:00 :
> usual
Unfortunately for us (as an ISP) it's not just about passing these messages.
If we don't want to be accused from not stopping something illegal we knew
about, we need some feedback - what have been done to prevent this to happen
in the future. If there is no feedback, we usualy disconnect the serv
Different viewpoint:
I pay $5 + Taxes (WTF?) for an droplet with DigitalOcean
I pay $7,5 for a VPS with Hostwinds
Someone has to get the abuse mail, check where to send them and then
make this issue as solved. From an economic standpoint this is a
shitty idea. I cost them more than I pay. Even if
On 05.10.16 13:16, Markus Koch wrote:
> reality is many sites will not block Tor traffic but will send
> (automated) abuse mails over and over and over again.
True, sadly. And like you said it is their right not to block Tor based
traffic. But it is your right not to heed their ongoing complaints
usualy bitcoins ... but there were also many cases of strawperson accounts
via stolen ID card or other techniques. We solve that almost on daily basis
with police.
"> - During my praxis, I've met only like 10% of customers (tor exit node)
with
> real data - unfortunately ISP is not the one who
Sounds great, but the reality is many sites will not block Tor traffic
but will send (automated) abuse mails over and over and over again.
Had this with a bank in South Korea who sent weekly abuse mails with
"we will sue you in the USA, we will sue you in South Kora and we will
never ending suing y
On 04.10.2016 23:55, oco...@email.cz wrote:
> If I understand that well ... if tor operator is avare, that his tor
> node is used for illegal activity (when their ISP told them about that)
> and he's not going to do anything abou that, he wont be guity by
> complicity?
Like I said, I am no lawyer
> - During my praxis, I've met only like 10% of customers (tor exit node) with
> real data - unfortunately ISP is not the one who can judge that - we have to
> trust our customer
>
TIL that I am an idiot for using my real data.
How do they pay? With all of my webhosting companies I pay with PayPa
Let's take it from the end.
- nowadays we use IPS to filter over 130k webhosting accounts. It's up to
the admin who set what exactly should be filtered. It's definitely not about
the used sw.
- I don't know how this BadExit evaluation thing works - if it values nodes
automatically by acces
On 10/05/2016 01:27 AM, teor wrote:
>
>> On 5 Oct 2016, at 18:10,
>> wrote:
>>
>> We're back to IPS, which can drop the specific malicious traffic.
>> I've been speaking with the lawyer few minutes ago. He told me
>> that there is a pressure to put all the responsibility for the
>> traffic to t
> On 5 Oct 2016, at 18:10, wrote:
>
> We're back to IPS, which can drop the specific malicious traffic. I've been
> speaking with the lawyer few minutes ago. He told me that there is a pressure
> to put all the responsibility for the traffic to the ISPs. Well ... what are
> the ISPs most pro
We're back to IPS, which can drop the specific malicious traffic. I've been
speaking with the lawyer few minutes ago. He told me that there is a
pressure to put all the responsibility for the traffic to the ISPs. Well ...
what are the ISPs most probably going to do ... ? They can ban all tor exit
I am receiving more and more trouble from running an exit node here.
Perhaps we should refuse to support US legislation?
On 10/04/2016 06:35 PM, Green Dream wrote:
> @keb:
>
>> It is not our problem if someone uses
>> the telecom network to read/write data to a vulnerable server - it is
>> the vu
@keb:
> It is not our problem if someone uses
> the telecom network to read/write data to a vulnerable server - it is
> the vulnerable server's problem to fix.
Sounds great, but this is not how it works in the real world.
> The ISP (and Tor network) are
> only responsible for delivering the pa
Is the distinction between knowledge after the fact and knowledge at
the time of occurence of "bad traffic" not important?
I'm all for reducing bad traffic, but where does the line get drawn?
I've also been dealing with multiple abuse reports on Digital Ocean.
Quite a few common abuse ports are a
What should a tor exit op do? Ban the user? exits get the traffic from middle
nodes and we cant tell (by design) who anyone is. We can block ips but that is
not really helping with bots who tries to find vulnerabilities and scan large
blocks.
markus
Sent from my iPad
> On 4 Oct 2016, at 23:55
If I understand that well ... if tor operator is avare, that his tor node is
used for illegal activity (when their ISP told them about that) and he's not
going to do anything abou that, he wont be guity by complicity?
"On 04.10.16 22:37, oco...@email.cz wrote:
> Tor and IPS has both it's own na
On 04.10.16 22:37, oco...@email.cz wrote:
> Tor and IPS has both it's own nature and you shouldn't be punished, if
> your intension was just to filter the bad traffic.
And who is to decide what constitutes "bad traffic"? I am not a lawyer,
but in Germany one of the cornerstones of not being held
Everything is easy when you hit the base of the problem and you're able to
change it. I don't know what kind of community gathers here. Let's see where
the discussion leads.
Petr
"Just for shits and giggles:
Do you have a good, easy, workable solution to this complex problem?
Markus
2016-1
This is really interesting. I just don't understand, how you can be
responsible for the traffic, when you use the IPS. Tor and IPS has both it's
own nature and you shouldn't be punished, if your intension was just to
filter the bad traffic. Can you be more specific about some real case, when
thi
Just for shits and giggles:
Do you have a good, easy, workable solution to this complex problem?
Markus
2016-10-04 22:19 GMT+02:00 :
> And I'm not against you (tor admins/operators) ;)
>
> I'm really glad that this discussion started, let's see, if we can find some
> solution.
>
> Just 2 make
Okay, I am getting confused.
(OSI model here)
ATM we are traffic shaping/blocking at layer 3
DNS is layer 7.
destination IP and port should be layer 1-4, right?
Markus
2016-10-04 22:18 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
>> Thank you ver
And I'm not against you (tor admins/operators) ;)
I'm really glad that this discussion started, let's see, if we can find some
solution.
"Just 2 make 1 thing clear: Its not we against you (ISPs).
Working myself years ago at an ISP I know the trouble and I understand
the issues.
Markus
201
On Tue, Oct 04, 2016 at 10:08:25PM +0200, Markus Koch wrote:
> Thank you very much, interesting. So I could block URLs but not on
> deep packet inspection?
That's where it starts to get murky: where do headers end and contents
begin? It depends what protocol layer you're looking at. Law-makers
spe
Thank you very much, interesting. So I could block URLs but not on
deep packet inspection?
Markus
2016-10-04 22:04 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
>> Everyone is running a reduced exit policy ... I only allow HTTP +
>> HTTPS and I know
On Tue, Oct 04, 2016 at 09:55:01PM +0200, Markus Koch wrote:
> Everyone is running a reduced exit policy ... I only allow HTTP +
> HTTPS and I know nobody who allows port 25 at the end of the day
> we all shape our exit traffic.
Choosing what to do with your traffic based on headers is fundam
Everyone is running a reduced exit policy ... I only allow HTTP +
HTTPS and I know nobody who allows port 25 at the end of the day
we all shape our exit traffic.
Markus
2016-10-04 21:42 GMT+02:00 Roger Dingledine :
> On Tue, Oct 04, 2016 at 10:21:14AM -0500, BlinkTor wrote:
>> The technical
On Tue, Oct 04, 2016 at 10:21:14AM -0500, BlinkTor wrote:
> The technical problem is that implementing IPS in Tor would be massively
> non-trivial.[...]
>
> The political problem is, what gets blocked by TIPS and what doesn???t? Who
> gets to decide? What if some of those brute-force SSH or DOS
Just 2 make 1 thing clear: Its not we against you (ISPs).
Working myself years ago at an ISP I know the trouble and I understand
the issues.
Markus
2016-10-04 19:49 GMT+02:00 :
> Hello,
>
> I'm the ISP technician who is negotiating with Paul who started this thread.
> I just read this whole di
Hello,
I'm the ISP technician who is negotiating with Paul who started this thread.
I just read this whole discussion and I think that there are few things
which need to be mentioned.
The threat of blocked subnet is real. It happened once to us and we don't
want to experience that anymor
2016-10-04 19:21 GMT+02:00 Tristan :
> I hate Webiron. They never marked any of my IP abuses as resolved, even
> though I responded and revised my exit policy within 24 hours of the
> complaint.
>
>
Ticket or e-mail?
Markus
___
tor-relays mailing list
t
I hate Webiron. They never marked any of my IP abuses as resolved, even
though I responded and revised my exit policy within 24 hours of the
complaint.
On Oct 4, 2016 12:10 PM, "Markus Koch" wrote:
> 100% agreed.
>
> Just let us kick out the bots ...
>
> Offending/Source IP: 95.85.45.159
>
100% agreed.
Just let us kick out the bots ...
Offending/Source IP: 95.85.45.159
- Issue: Source has attempted the following botnet activity:
Semalt Referrer Spam Tor Exit Bot
I am not in for free speech for bots and anything without a pulse.
markus
Hello!
=== You are receiving this e
Am 04.10.2016 um 18:46 schrieb Moritz Bartl:
> Still, this will not help in this (and related) cases: I have not yet
> seen proven cases where the reputation of the netblock was endangered,
> but if an ISP is afraid of that, there's no good way to cooperate. An
> IDS is their obvious suggestion,
Am 04.10.2016 um 18:24 schrieb krishna e bera:
> What if someone who doesnt like Tor project is deliberately accessing
> honeypots in order to get exit nodes shut down?
That seems kind of easy, because there are some certain spots where you can
assume those pots to be and depending on the respo
On 10/04/2016 06:23 PM, Tristan wrote:
> Wouldn't it be interesting if we could set up some kind of central "Tor
> Abuse Center" where all the complaints go, and all the relay operators
> can help respond to them. I suppose it would be pretty chaotic though...
We actually discussed this briefly ag
What if someone who doesnt like Tor project is deliberately accessing
honeypots in order to get exit nodes shut down?
We need to establish some sort of legal or political solidarity to tell
ISPs to be net neutral with us. It is not our problem if someone uses
the telecom network to read/write data
Wouldn't it be interesting if we could set up some kind of central "Tor
Abuse Center" where all the complaints go, and all the relay operators can
help respond to them. I suppose it would be pretty chaotic though...
On Oct 4, 2016 11:18 AM, "pa011" wrote:
> Yes its ISP - plus 10 times more fire-
Yes its ISP - plus 10 times more fire-power both, Markus and me
which is 10 times more work, sadly :-(
Am 04.10.2016 um 18:12 schrieb Markus Koch:
> Short answer: ISP
>
> I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and
> I get weekly mass reports from DigitalOcean.
> And t
Short answer: ISP
I got 2 abuse mails (1 false positive) from Hostwinds in 4 months and
I get weekly mass reports from DigitalOcean.
And the thing that pisses me off is: Its all bots or Tax spam or other
stuff I got weeks/months ago. Different day, same shitty abuse mail.
Markus
2016-10-04 18:0
I don't know what I'm doing different, because I only got 2 complaints in
the last 2 months, and that was for SSH and SQL stuff.
On Oct 4, 2016 11:01 AM, "pa011" wrote:
> Me too Markus -could fill a folder with that tax issue :-((
> Costing a lot of time to answer and restrict the IPs
>
> Plus m
Me too Markus -could fill a folder with that tax issue :-((
Costing a lot of time to answer and restrict the IPs
Plus my ISP moaning with good reason: "It's not just about you, but you're
giving a bad reputation to one /21 and one /22 subnet. That's ~ 3000 IPs which
are potentionaly endagered to
same shit here:
Dear User,
We are contacting you because of unusual activity coming from your IP
address towards the IT infrastructure of the European Commission.
In specific, since 03/10/2016, IP addresses 95.85.45.159 &
104.236.225.19 of Digital Ocean, located in the Netherlands (NL) and
the USA
Am 04.10.2016 um 16:48 schrieb krishna e bera:
> On 04/10/16 08:48 AM, pa011 wrote:
>> One of my main ISP is going mad with the number of abuses he gets from my
>> Exits (currently most on port 80).
>> He asks me to install "Intrusion Prevention System Software" or shutting
>> down the servers.
> On Oct 4, 2016, at 7:48 AM, pa011 wrote:
>
> One of my main ISP is going mad with the number of abuses he gets from my
> Exits (currently most on port 80).
> He asks me to install "Intrusion Prevention System Software" or shutting down
> the servers.
> He personally recommends Snort or Suri
On 04/10/16 08:48 AM, pa011 wrote:
> One of my main ISP is going mad with the number of abuses he gets from my
> Exits (currently most on port 80).
> He asks me to install "Intrusion Prevention System Software" or shutting down
> the servers.
You can first ask him for a copy of the complaints i
One of my main ISP is going mad with the number of abuses he gets from my Exits
(currently most on port 80).
He asks me to install "Intrusion Prevention System Software" or shutting down
the servers.
He personally recommends Snort or Suricata.
As far as I understand implementing such a software
97 matches
Mail list logo
