-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Today I got this for the first time since I run exits:
Oct 06 08:23:03.000 [warn] Duplicate rendezvous cookie in
ESTABLISH_RENDEZVOUS.
Something I should worry about ?
- --
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP
Or you simply block port 22 and everyone lived happily ever after.
I do not care about a script kiddie trying to hack something.
Bots are what I am afraid of, you get the same abuse over and over and over.
Markus
2016-10-06 6:43 GMT+02:00 Green Dream :
>>> > for i in subdir/*; do ssh
There is a possibility of parsing the log of the IPS and doing actions with the policies.
"On 05.10.2016 16:03, Andreas Krey wrote:
> Everything to the OR port needs to pass in, esp. when you act as a
> guard, and fail2banning the ssh port, hmm. Everything else is closed
> anyway.
What I meant is that I can
Let me ask you a short question. Have you ever worked with IPS?
-- Original message --
From: Green Dream
To: tor-relays@lists.torproject.org
Date: 5. 10. 2016 20:58:36
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata
"@Mirimir:
>> IPS
On 10/05/2016 10:43 PM, Green Dream wrote:
for i in subdir/*; do ssh host mkdir -p "$i"; done
with an ssh-agent would look pretty exactly the same to the exit node.
>>>
>>> OK, so I left out the "Permission denied, please try again." bits :)
>>
>> The exit node doesn't see that - t
You still probably don't see that it consumes a lot of time to deal even
with automatically generated messages. During last years all network attacks
graduates, if you're not going to solve that, every wise ISP is going to
refuse to host you.
-- Original message --
From: Green Dream
On 06.10.16 12:12, oco...@email.cz wrote:
> There is a possibility of parsing the log of the IPS and doing actions with the
> policies.
I don't trust any IPS that I have seen so far to come up with smart
enough exit policies. If I were to use an IPS to dynamically limit
inbound traffic (on a non-Tor server) a
What have you been working with? :) When the IPS is working wrong, it's
because of the admin ... :)
You probably will invest your time, but the ISP won't. The amount of the
problems is multiplying. Tor should evolve, or it will go extinct like
dinosaurs.
I think that this IPS should be done
On 06.10.16 12:57, oco...@email.cz wrote:
> You probably will invest your time, but the ISP won't. The amount of
> the problems is multiplying. Tor should evolve, or it will go extinct
> like dinosaurs.
I don't think that Tor has a problem. It works as designed. One might
say that service providers
On 10/06/2016 05:39 AM, Ralph Seichter wrote:
> On 06.10.16 12:57, oco...@email.cz wrote:
>
>> You probably will invest your time, but the ISP won't. The amount of
>> the problems is multiplying. Tor should evolve, or it will go extinct
>> like dinosaurs.
>
> I don't think that Tor has a problem. It
It's apparent, that you're definitely not going to solve that ... you're
more into searching reasons why not to do that, than possibility how to do
that :) (btw you haven't mentioned your IPS experiences)
I just say facts
- the amount of malicious traffic is rising (during last 5 years it's
On 06.10.16 14:29, Mirimir wrote:
> What matters for "complaining parties" is that they're getting crap
> from some exit relay. So they complain.
Sure, and I don't have a problem with that. If I get complaints, I tell
the CP about Tor, and point them to the relevant information. All good
until th
> On Oct 6, 2016, at 7:45 AM, wrote:
>
> - The traffic going out of tor exit nodes in our network is even worse than
> the one which is coming out of the internet. Paul who started this thread
> has constant flow over 50kpps. It consists mostly from various DoS attacks +
> exploits against
On 06.10.16 14:45, oco...@email.cz wrote:
> It's apparent, that you're definitely not going to solve that ...
> you're more into searching reasons why not to do that, than possibility
> how to do that :)
It is not my job to solve "that", whatever that is exactly. ;-)
> (btw you haven't mentioned
The subject of this thread is: Intrusion Prevention System Software - Snort
or Suricata
I'll be more than glad, if we can have some productive discussion about
these two contemporary IPS and their implementation along with tor. If the
only thing you wanted to say was, that you're against that
On 06.10.16 16:24, oco...@email.cz wrote:
> The subject of this thread is: Intrusion Prevention System Software -
> Snort or Suricata
Fixed that for you. ;-)
> If the only thing you wanted to say was, that you're against that,
> we're probably done ;)
Stating that I oppose the idea of IPS as me
Suricata allows direct access via the Tor network, Snort's website gave me
multiple failed Captchas before I could access anything. I'm going to do
some further research before I even think about implementing anything.
How does one detect false positives when running an IPS? Do you just
frequently
Our implementation of suricata is a little different. We've got one as IPS
(just few rules) and second as IDS (all rules (block of rules) are switched
on). In the log of IDS we determine which chains should be filtered and then
we filter them one by one on IPS. The main thing is to not to cut of
I may have just found a bigger problem: I can't access the Suricata
rulesets from my exit node. The website replies with "Error code 15, This
request was blocked by the security rules." When I try to wget the ruleset
from my exit node, I get error 403 forbidden.
Even if Suricata ships with some ba
You can't access suricata directly?
-- Original message --
From: Tristan
To: tor-relays@lists.torproject.org
Date: 6. 10. 2016 17:02:19
Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or
Suricata or no IPS at all
"
I may have just found a bigger pro
I think I'm doing this wrong. I was trying to access the ruleset links from
this page: https://suricata.readthedocs.io/en/latest/rules/intro.html
But I think I'm actually supposed to get the rulesets from somewhere else:
https://suricata.readthedocs.io/en/latest/oinkmaster.html
I can access Suric
I had 3 today on my non-exit relay. Can't remember seeing them before.
Maybe they are new in 0.2.8.8?
Times are UTC+2
Oct 06 09:14:03.000 [warn] Duplicate rendezvous cookie in
ESTABLISH_RENDEZVOUS.
Oct 06 14:08:13.000 [warn] Duplicate rendezvous cookie in
ESTABLISH_RENDEZVOUS.
Oct 06 14:08:14.
@oconor:
> Let me ask you a short question. Have you ever worked with IPS?
Yes. Please see my later email in this thread. I have experience with
Snort, Bro and proprietary IPS/IDS systems from Cisco and Palo Alto. I
also worked at a university's network operations helpdesk, where we
received hun
Same here, no clue why :(
markus
2016-10-06 10:45 GMT+02:00 Toralf Förster :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Today I got this for the first time since I run exits:
>
> Oct 06 08:23:03.000 [warn] Duplicate rendezvous cookie in
> ESTABLISH_RENDEZVOUS.
>
> Something I sh
x2 too on a non-exit relay :
Oct 06 13:35:22.000 (UTC+2)
But nothing a 2nd relay process on the same machine...
06/10/2016 18:29, Logforme :
> I had 3 today on my non-exit relay. Can't remember seeing them before. Maybe
> they are new in 0.2.8.8?
> Times are UTC+2
>
> Oct 06 09:14:03.000 [warn]
25 matches