Hi all, while discussing on Twitter with the guy from http://cryptic.be about "How to block outgoing portscans from a Tor Exit Node", the idea arose that the best way would be to correlate the amount of "outgoing TCP connections/time" from a specific "Tor Circuit".
So, rather than "Blocking", it would be really nice to be able to apply certain "Rate Limits" to the amount of new outgoing TCP connections that can be made over an established circuit. Let's say that the outgoing circuit changes by default once every 10 minutes. To be able to block a portscan, it may be interesting to have a feature that would statically, or dynamically with a backoff algorithm, apply a rate limitation to the outgoing connections that can come from a specific circuit. That way it would be possible to identify what is a "normal and typical connection" and automatically filter out aggressive traffic (an important amount of new TCP connections coming from that circuit).

What does the list think about that kind of idea, both conceptually and from the possible implementation strategies?

Fabio
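One way to sketch the idea above, as an added example that is not part of the original message and is not Tor code: a per-circuit token bucket for new outgoing TCP connections whose refill rate is halved each time the circuit is refused (the dynamic backoff variant). The struct, function names and the constants BURST, BASE_RATE and MAX_PENALTY are all assumptions chosen for illustration.

```c
#include <stdio.h>

/* Hypothetical per-circuit state (not Tor's own structures). */
typedef struct {
    double tokens;     /* new connections currently permitted */
    double last;       /* time of last update, in seconds */
    unsigned penalty;  /* backoff level; refill rate is halved per level */
} circ_limit_t;

#define BURST       20.0  /* assumed burst of new connections */
#define BASE_RATE    2.0  /* assumed refill, connections per second */
#define MAX_PENALTY  6u   /* assumed cap on the backoff level */

void circ_limit_init(circ_limit_t *c, double now) {
    c->tokens = BURST; c->last = now; c->penalty = 0;
}

/* Returns 1 if the circuit may open a new outgoing TCP connection, else 0. */
int circ_limit_allow(circ_limit_t *c, double now) {
    double rate = BASE_RATE / (double)(1u << c->penalty);
    if (now > c->last) {
        c->tokens += (now - c->last) * rate;
        c->last = now;
        if (c->tokens >= BURST) {       /* circuit stayed quiet: relax */
            c->tokens = BURST;
            if (c->penalty > 0) c->penalty--;
        }
    }
    if (c->tokens >= 1.0) {
        c->tokens -= 1.0;
        return 1;
    }
    if (c->penalty < MAX_PENALTY) c->penalty++;  /* refused: back off */
    return 0;
}

/* Constructed traffic: n attempts spaced `interval` seconds apart. */
int simulate(int n, double interval) {
    circ_limit_t c;
    int i, allowed = 0;
    circ_limit_init(&c, 0.0);
    for (i = 0; i < n; i++)
        allowed += circ_limit_allow(&c, i * interval);
    return allowed;
}

int main(void) {
    printf("%d %d\n", simulate(30, 1.0), simulate(1000, 0.01));
    return 0;
}
```

With these assumed constants, a circuit opening one connection per second is never refused, while a circuit attempting 100 per second gets only its initial burst through before the backoff holds it down.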