Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 11 November 2024, 07:16:31 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14253 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  How to block Tor
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to block Tor  (Read 25860 times)
hasanmnaqvi
Jr. Member
*
Offline Offline

Posts: 4


« on: Wednesday 14 April 2010, 02:17:05 am »

Hello All,
       I was a very satisfied user of Endian Firewall, till the time I found some of the users in my network easily going through the firewall using Onion Router mechanism Tor.
Is there any way to block its future uses.

Also can anybody tell me how to track the usage of tor and what all data has been compromised using it.

Please reply soon ... the situation here is risky
Logged
gyp_the_cat
Full Member
***
Offline Offline

Posts: 81



WWW
« Reply #1 on: Wednesday 14 April 2010, 07:55:57 pm »

Hi hasanmnaqvi,

I understand your problems Sad

Unfortunatly Tor was created to be able to tunnel through just about whatever ports you open up.  It's a bit like Skype in that regards in thats it's very clever and very, erm "slippery".

I don't believe Endian has the ready made ability to block Tor, and neither do most of the firewalls on the market (both open and closed source).

I've come across two ways of blocking it (and neither I will admit are 100% satsifactory since Tor is a B#@tard).

Gyp

Option 1
Create rules to block access to all the IP addresses.

Since the Tor network is incredibly dynamic it is possible that people can work around it, and you'll have to stay on your toes to be able to block.

You'll either have to create firewall rules to block the following or use hosts.deny.

For a list try:
https://www.dan.me.uk/torlist/
https://www.dan.me.uk/torlist/

Option 2
Use Snort (which is very much beyond me at the level these guys are talking about), have a look at:
https://packetprotector.org/forum/viewtopic.php?id=71
Logged
gyp_the_cat
Full Member
***
Offline Offline

Posts: 81



WWW
« Reply #2 on: Thursday 15 April 2010, 02:32:57 am »

Hm, been thinking about this a bit more this afternoon (as you do sat in the office pondering such things), and I've found:

http://archives.seul.org/or/talk/Dec-2008/msg00290.html

Relating to blocking Tor using Squid, simply by disallowing access to numerical IP addresses.

Quote from: Squid ACL
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny CONNECT numeric_IPs all

And I've also found an RBL that contains TOR nodes over at http://efnetrbl.org/ of rbl.efnetrbl.org.

Off topic: the RBL could be great used with Apache for websites hmmm

Will continue having a think, but I was likely quite wrong in that there are things you can do to block Tor not sure how succesful they'd be since I can test it from behind my firewalls unfortunatly.

Thinking could put the Tor list from https://www.dan.me.uk/torlist/ in Proxy - Banned IP Addresses and/or the same list in Proxy - Content Filter - Banned Sites.

Is it worth giving these a try hasanmnaqvi?
Logged
hinge
Full Member
***
Offline Offline

Posts: 93


« Reply #3 on: Thursday 15 April 2010, 11:26:09 am »

hi! i ask Something what is TOR means and you any link about this? thank you..
Logged
gyp_the_cat
Full Member
***
Offline Offline

Posts: 81



WWW
« Reply #4 on: Thursday 15 April 2010, 06:07:32 pm »

Hi Hinge, have a look at http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29 and http://www.torproject.org/.
Logged
lickfrog
Jr. Member
*
Offline Offline

Posts: 1


« Reply #5 on: Saturday 23 April 2011, 12:37:39 am »

Tor uses SSH tunneling and could be easily blocked by filtering all ingress SSH traffic (especial over port 80). I must admit though that I've never used Endian so I have no idea how you might actually do this but i would be surprised and very disappointed if Endian does not support traffic filtering of this type...


hi! i ask Something what is TOR means and you any link about this? thank you..

Tor uses a series of nodes to tunnel traffic all over the web and is the perfect tool for near-total anonymity! Because tor uses a type of SSH tunneling to encrypt all network traffic it becomes the perfect attacker/cracker platform for launching any number of nefarious attacks against any organization.
Logged
unassassinable
Jr. Member
*
Offline Offline

Posts: 3


« Reply #6 on: Saturday 23 April 2011, 02:04:10 pm »

I did this using the outbound firewall.  Set rules of what services you want to allow out, and block everything else.  This way you're not explicitly blocking every bad thing...because really, you're never gonna find every bad thing.  New bad things pop up every day, and people find ways to use them.  Doing it this way assumes that if you don't allow it, it's bad, and blocked.

Rich
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com