For all its noble intentions, most of the traffic that comes out of
Tor is malicious.
This paper suggests an amount of malicious traffic that can be
categorized is approximately 10%.
<http://www.cs.uml.edu/~xinwenfu/paper/TorWard14_Fu.pdf>
It's a nice paper, but there's a lot of malicious traffic that an IDS
doesn't recognize.
As Cloudmark points out, they don't block or filter Tor IPs because it's
Tor, they do it because they see very high levels of abuse.
Regards,
John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.