On 8/1/12 9:24 AM, Administrator wrote:
>
> an easy way is to limit the amount of tcp connections at the same time on an
> edge router. this is usually done to get rid of script kiddies which try to
> break into ssh by trying every possible password for root. if tcp init is
> however rate limited then it's like a slow connection for opening sessions.
> this could affect outgoing http though so it's smarter to exclude port 80 and
> 443 from it.

That way you will not catch scanning that goes across an entire netblock on port 80 to look for possible specific vulnerable web applications (portscanning + application vulnerability check).

You need to look at a very specific portscanning pattern, finely tuned so that it would not risk also matching good Tor traffic.

-naif
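
An added example, not part of either message: a sketch of the kind of pattern match the reply asks for, which counts distinct destination hosts per netblock and port instead of rate-limiting connections, so heavy web use of a few sites is not flagged. The record format, the /24 netblock size and both thresholds are assumptions chosen for illustration, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed tuning values; neither message gives thresholds.
WINDOW_SECONDS = 60
MIN_DISTINCT_HOSTS = 20
PREFIX_LEN = 24


def find_netblock_sweeps(conns, window=WINDOW_SECONDS,
                         min_hosts=MIN_DISTINCT_HOSTS, prefix_len=PREFIX_LEN):
    """Return {(netblock, port)} where at least min_hosts distinct
    destinations in one netblock were contacted on one port within window
    seconds. conns: (epoch_seconds, dst_ip, dst_port) tuples sorted by time."""
    recent = defaultdict(deque)  # (netblock, port) -> (ts, dst_ip) in window
    flagged = set()
    for ts, dst_ip, dst_port in conns:
        block = ipaddress.ip_network(f"{dst_ip}/{prefix_len}", strict=False)
        key = (str(block), dst_port)
        seen = recent[key]
        seen.append((ts, dst_ip))
        while ts - seen[0][0] > window:
            seen.popleft()
        # Count hosts, not connections: repeat visits to one site stay low.
        if len({ip for _, ip in seen}) >= min_hosts:
            flagged.add(key)
    return flagged


def sample_connections():
    """Constructed records (documentation address ranges), not real traffic."""
    conns = []
    for i in range(200):  # busy web use: many connections, three hosts
        conns.append((i * 0.25, f"198.51.100.{10 + i % 3}", 80))
    for i in range(100):  # HTTPS to two hosts
        conns.append((i * 0.5, f"203.0.113.{5 + i % 2}", 443))
    for i in range(60):   # sweep: 60 different hosts in one /24 on port 80
        conns.append((i * 0.5, f"192.0.2.{i + 1}", 80))
    return sorted(conns)


if __name__ == "__main__":
    for block, port in sorted(find_netblock_sweeps(sample_connections())):
        print(f"possible sweep: {block} port {port}")
```

Setting the host threshold too low starts flagging ordinary traffic, which is the tuning risk the reply points out.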
