Yes you are right.
But to concentrate exit relays on some specific networks / ISP is also a bad idea.
 
I disabled all known traffic logs for daily usage. Only during ssh sessions to check rules.
I use selective rules to block botnets / trojans. I double check all IP's to not blocking important servers (hopefully).
 
It is not my aim to break client connections, but we should not close our eyes to potential problems.
 
 
Gesendet: Mittwoch, 16. September 2015 um 18:51 Uhr
Von: "Johan Nilsson" <jn@9999.se>
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] Preventing wp-admin related abuse report
On Tue, Sep 15, 2015 at 22:36:27 +0200, butary@gmx.de wrote:
> So I decided to go a controversial way - I installed an IDS/IPS +
> strong firewall rules.
> The log file contains a huge amount of rejected traffic. Most of the
> time, Botnet traffic and shortly rising WordPress attacks.
>
> I'm not happy with my decision but it smoothed my ISP because they
> received less abuse reports.
>
You log traffic and block addresses with a firewall based on what
the IDS/IPS consider bad?
Please stop and consider running a middle relay or bridge instead of
logging and breaking connections for clients.

> If someone has a more elegant solution, please advice me.
Try to educate or change ISP. Exits can unfortunately not be operated
from all networks.

Exit operators could try to maintain an (incomplete) list of addresses
that often causes complains for traffic from exits. They could choose
to block them using torrc. Might help a little with the ISP if the
complains does not come repeatedly from the same source.
But traffic would move to fewer exits and they would get more
complains. This is probably a bad idea and not a solution. Worse than
not running an exit to some destinations from that network? I do not
know.

Regards,
Johan
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays