Detect the use of TOR
I've been searching old threads to see what info there is about blocking TOR. Last thing I saw was to break out wireshark and write a signature. I haven't been able to do that. In the meantime, is there a good way to even detect TOR use on the network besides just happening to pass the guilty party's desk at an opportune time
Protocol control will detect and block torrents. However, it may not be "universal" in its detection and contol of torrent clients. It is nearly impossible to block every bit torrent client. They are written to avoid detection, they are based on a very lose set of standards (if any standards at all) and they all use different ports and such.
This is the problem with Upnp programs as I like to call them. Applications like teamviewer and logmein which can traverse a NAT and accept incoming connections without you having to punch holes in the firewall. Thats great from an ease of use stand point, but that also leaves you with little choice if you want to stop it from running on your network.
I believe he is referring to the TOR protocol, not bittorrent.
I would be interested in this answer also...
Tor signature is in protocol control, but.......some times i view a false positive of dns querys blocking because are TOR.
Protocol control based on L7 its a very good product, but outdated and whitout new signatures unless someone takes a fork and continue
i have colafot packet analizer maybe i can help how to add new signatures.
maybe because most of torrent users are connected through TOR, i think that's why ....Originally Posted by andrew50
Good Night UT Box
Detecting is easy.
Enable log TLS in Protocol Control. If you see lot new connections in the same time on ports different than 443 and 995 (google) it is TOR
Another thing it its blocking it. I'm using blocking by IP in the firewall (you can add few thousands IP in small single IP field). Good and updated node and bridges list is needed for this.
just want to mention that there is another udp version out known for a while now, no idea of the increase of Popularity of these new version.
http://itnomad.wordpress.com/2008/10...-onion-router/
Last edited by ethX; 07-18-2010 at 02:04 AM.
Good Night UT Box
Posting Permissions
LinkBack URL
About LinkBacks
