I may have just found a bigger problem: I can't access the Suricata rulesets from my exit node. The website replies with "Error code 15, This request was blocked by the security rules." When I try to wget the ruleset from my exit node, I get error 403 forbidden.
Even if Suricata ships with some basic rulesets, it looks like I wouldn't be able to update them, because they block Tor exit nodes. Any ideas how to get around that?

On Thu, Oct 6, 2016 at 9:57 AM, <oco...@email.cz> wrote:

> Our implementation of Suricata is a little different. We've got one as IPS (just a few rules) and a second as IDS (all rules (block of rules) are switched on). In the log of the IDS we determine which chains should be filtered and then we filter them one by one on the IPS. The main thing is not to cut off any of the customers (in our case).
>
> ---------- Original message ----------
> From: Tristan <supersluet...@gmail.com>
> To: tor-relays@lists.torproject.org
> Date: 6. 10. 2016 16:50:33
> Subject: Re: [tor-relays] Intrusion Prevention System Software - Snort or Suricata or no IPS at all
>
> Suricata allows direct access via the Tor network; Snort's website gave me multiple failed Captchas before I could access anything. I'm going to do some further research before I even think about implementing anything.
>
> How does one detect false positives when running an IPS? Do you just frequently check the alerts and change the rules when necessary?
>
> On Thu, Oct 6, 2016 at 9:45 AM, Ralph Seichter <tor-relays...@horus-it.de> wrote:
>
> > On 06.10.16 16:24, oco...@email.cz wrote:
> >
> > > The subject of this thread is: Intrusion Prevention System Software - Snort or Suricata
> >
> > Fixed that for you. ;-)
> >
> > > If the only thing you wanted to say was, that you're against that, we're probably done ;)
> >
> > Stating that I oppose the idea of IPS as means of automatic censorship of Tor exit nodes is part of the discussion.
> >
> > -Ralph

--
Finding information, passing it along. ~SuperSluether
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays