ludjer | 2 years ago

What's the alternative? If most of Tor traffic is password attempts and bad actors, how do you protect yourself from Tor's bad actors without affecting all of Tor's users? I work at a company that runs a large website, top 1000 websites in the world, and we don't even have to block Tor exit nodes since they trigger our bot and snap blocking rules on our firewall. How do we let valid Tor users through without letting all the malicious actors?

pzmarzly|2 years ago

My take on this: if there is some DDoS taking place from the same IP I am connecting from, that sucks for me but I'm willing to tolerate it (good old fail2ban). But having such a firewall all the time, even when you are getting less than 1 request per second from Tor? That's overkill.

lolinder|2 years ago

If I occasionally get a DDoS from Tor, I'll probably just block Tor all the time, even if my current traffic loads from Tor are low. It's simply not worth the hassle of waiting until my servers start getting spammed; it's better to just keep the door shut all the time.

ipaddr|2 years ago

How would you deal with an attack through residential US proxies? Your method falls apart.

How many of us deal with automated password attacks is to issue questions that only locals or people with specific knowledge could answer. Change the questions and do everything custom.

lolinder|2 years ago

It sounds like they have behavior-oriented rules that are just always triggered on Tor because Tor traffic has a disproportionate amount of bot traffic. I see no reason why behavioral blocking breaks down when an attack comes from an IP space that is usually more benign.

> How many of us deal with automated password attacks is to issue questions that only locals or people with specific knowledge could answer. Change the questions and do everything custom.

If I'm understanding what you're saying, this sounds horrible. What if I'm visiting an area where I don't have local knowledge? What about for the year or so after I move in to a new city? What if your assessment of what locals do and don't know is just wrong? There are a ridiculous number of failure modes in this questions-oriented approach. The only place this could possibly make sense is in some sort of internal company software, but even that context has better options available.