  1. #1
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Detect the use of TOR

    I've been searching old threads to see what info there is about blocking TOR. The last thing I saw was to break out Wireshark and write a signature. I haven't been able to do that. In the meantime, is there a good way to even detect TOR use on the network besides just happening to pass the guilty party's desk at an opportune time?

  2. #2
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,362

    Protocol Control will detect and block torrents. However, it may not be "universal" in its detection and control of torrent clients. It is nearly impossible to block every BitTorrent client. They are written to avoid detection, they are based on a very loose set of standards (if any standards at all), and they all use different ports and such.

    This is the problem with UPnP programs, as I like to call them. Applications like TeamViewer and LogMeIn, which can traverse a NAT and accept incoming connections without you having to punch holes in the firewall. That's great from an ease-of-use standpoint, but that also leaves you with little choice if you want to stop it from running on your network.

  3. #3
    Master Untangler
    Join Date
    Mar 2008
    Posts
    196

    I believe he is referring to the TOR protocol, not BitTorrent.

    I would be interested in this answer also...

  4. #4
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,372

    The Tor signature is in Protocol Control, but... sometimes I see false positives, with DNS queries being blocked because they are detected as TOR.
    Protocol Control, based on L7, is a very good product, but it is outdated and without new signatures unless someone forks it and continues.

  5. #5
    Untangler
    Join Date
    Jul 2009
    Posts
    64

    I have the Colasoft packet analyzer; maybe I can help with how to add new signatures.

  6. #6
    Untangler ethX's Avatar
    Join Date
    May 2010
    Posts
    44

    Originally posted by andrew50:
        I believe he is referring to the TOR protocol, not BitTorrent.

        I would be interested in this answer also...

    Maybe because most torrent users are connected through TOR; I think that's why...
    Good Night UT Box

  7. #7
    Untanglit
    Join Date
    Dec 2008
    Location
    Poland
    Posts
    23

    Detecting is easy.
    Enable TLS logging in Protocol Control. If you see a lot of new connections at the same time on ports other than 443 and 995 (Google), it is TOR.

    Blocking it is another matter. I'm blocking by IP in the firewall (you can add a few thousand IPs in the small single IP field). A good, up-to-date list of nodes and bridges is needed for this.
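
The heuristic from post #7 (many new TLS connections at the same time on ports other than 443 and 995), written out as an added example that is not part of the original thread and is not Untangle code. The log line format, the 10-second window, the threshold of 4, and counting distinct destinations rather than raw connections are assumptions made here; the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Ports the post treats as expected TLS traffic.
EXPECTED_TLS_PORTS = {443, 995}

# Constructed sample in a hypothetical format, NOT Untangle's real log layout:
# "<ISO timestamp> <client ip> <server ip> <server port> <detected protocol>"
SAMPLE_LOG = """\
2010-07-17T21:00:00 192.168.1.20 203.0.113.10 443 TLS
2010-07-17T21:00:01 192.168.1.31 198.51.100.11 9001 TLS
2010-07-17T21:00:01 192.168.1.20 203.0.113.25 993 TLS
2010-07-17T21:00:02 192.168.1.31 198.51.100.12 9001 TLS
2010-07-17T21:00:03 192.168.1.31 203.0.113.77 8443 TLS
2010-07-17T21:00:03 192.168.1.44 203.0.113.25 465 TLS
2010-07-17T21:00:04 192.168.1.31 198.51.100.14 9001 TLS
2010-07-17T21:00:05 192.168.1.31 203.0.113.80 9030 TLS
2010-07-17T21:00:06 192.168.1.20 203.0.113.10 443 TLS
2010-07-17T21:00:40 192.168.1.44 203.0.113.25 465 TLS
2010-07-17T21:01:30 192.168.1.44 203.0.113.26 465 TLS
2010-07-17T21:02:30 192.168.1.44 203.0.113.27 465 TLS
2010-07-17T21:03:30 192.168.1.44 203.0.113.28 465 TLS
"""

def flag_clients(log_text, window_s=10, min_conns=4):
    """Return {client: peak} for clients reaching at least min_conns distinct
    TLS destinations on unexpected ports within window_s seconds.
    Lines must be in time order."""
    recent = defaultdict(deque)  # client -> deque of (timestamp, destination)
    peaks = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, client, server, port, proto = line.split()
        if proto != "TLS" or int(port) in EXPECTED_TLS_PORTS:
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[client]
        q.append((ts, (server, port)))
        # Drop connections that fell out of the sliding window.
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = len({dest for _, dest in q})
        if distinct >= min_conns:
            peaks[client] = max(peaks.get(client, 0), distinct)
    return peaks

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

With a 300-second window the mail client at 192.168.1.44 is flagged as well, which is the kind of false positive a window or threshold set too loosely produces.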

  8. #8

  9. #9
    Untangler ethX's Avatar
    Join Date
    May 2010
    Posts
    44

    Just want to mention that there is another UDP version out, known for a while now; no idea about the increase in popularity of this new version.

    http://itnomad.wordpress.com/2008/10...-onion-router/
    Last edited by ethX; 07-18-2010 at 02:04 AM.
    Good Night UT Box
