Am 20.02.2020 11:02, schrieb Benoit Panizzon via mailop:
But I guess, just silently blacklisting Tor exist nodes and not sending a ARF report to the ISP could be an option to solve that issue.
This is probably a reasonable way of dealing with the problem. TOR exit nodes are somewhat like dynamic IP addresses - you will get a lot of dictionary attacks and similar stuff, and you can just block off any non-authenticated non-http access from such IPs (maybe use fail2ban to silence them for a limited time). Reporting them is as futile as reporting DSL IPs is - even if the provider would be able to identify the user, it just isn't feasible to instruct those users to find and fix the hacked device(s) on their network.
Cheers, Hans-Martin _______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
