  1. #1
    Untanglit
    Join Date
    Dec 2008
    Location
    Poland
    Posts
    23

    Exclamation Please Untangle team, consider that ... (TOR)

    I know you are very busy people, and honestly I'm impressed by how quickly you manage to fix bugs, make requested improvements, etc. I also realize there is an enormous effort behind that.

    But there is, in my opinion, one thing that needs more attention than the rest, because it can thwart almost all of the work you have done.

    Any user/employee can easily obtain Tor for free, and then there is no more Untangle for him.

    Nothing will work: Web Filter, Reports, Phish Blocker, Spyware Blocker, Ad Blocker and even Protocol Control (since it can't recognize the Tor 2 protocol).

    I can't just tell an unruly employee: don't use Tor. I could just as well tell him: don't visit time-wasting websites (without Untangle).

    I tried to watch Tor packets in Wireshark.
    - It seems that in Tor 2.x the whole protocol is encrypted.
    - I don't think there is a way to block it using Protocol Control without blocking regular HTTPS.
    - Tor nodes use the whole range of ports, including 443, 80, 21, 22.
    - The Tor client uses an IP node list.

    The only way to block Tor that I can think of is to implement in the Firewall module an automatically updated list of Tor nodes.
    Automatically generated lists can be found on the Internet, so there is no need to load your Internet connection. Example: https://www.dan.me.uk/torlist/ (updated every hour).

    However, I can imagine that this could be too hard to do. If so, a list fetched from a local IP via FTP would also do fine.
    Even a manually loaded list in the Firewall via the web interface would be a giant step forward compared to what there is now (manually adding and deleting every entry).

    So please, dear Untangle team, consider that improvement. I know I'm asking for a lot, but I think there is a good reason for it.

  2. #2
    Untangle Ninja Solignis's Avatar
    Join Date
    Jul 2008
    Location
    Hudson, Ohio, USA
    Posts
    1,697

    Default

    A post I saw on the internet may be on to something. They were saying to add a rule to Snort to stop Tor. Good for us that Snort is the backbone of the Untangle IPS module. All we need to do is come up with a rule for the IPS to match against the traffic, and that would be a start. You could also try updating the rule signatures for the Protocol Control app. But I would not have the slightest clue how to.

    Update:

    This is interesting the policy for tor is already built into Untangle.

    Category: Policy
    Block: Off
    Log: Off
    Description: Potential Corporate Privacy Violation (TOR Traffic anonymizer server request)
    ID: 9324

    I don't know if it would be a good idea to turn it on. But that is up to you; the way I see it, Untangle left it disabled for a reason.
    Last edited by Solignis; 03-08-2010 at 04:35 AM.
    “Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program.” - Linus Torvalds

  3. #3
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630

    Default

    Why not just block people from installing the software for now...

    If they are an unruly employee, you sit them down, or have Human Resources sit them down, and explain that what they are doing is against company policy; give them a verbal warning; if they do it again, a written one; if they do it again, fired.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  4. #4
    Untangle Ninja Solignis's Avatar
    Join Date
    Jul 2008
    Location
    Hudson, Ohio, USA
    Posts
    1,697

    Default

    I agree, the best action is corporate policy. Any good filter must be met with company policy. You can't just block people from certain things and expect them to just go along with it. Having a sit-down with HR and adding things to your company policy will nip the problem in the bud. For example, we have a policy about people not storing data on the desktop hard drives, only on the servers. If the machine breaks, we tell them: tough luck, you know the rules. They don't like it. But they don't care enough to take it up with my boss.

  5. #5
    Untanglit
    Join Date
    Dec 2008
    Location
    Poland
    Posts
    23

    Default

    Causing a person to be fired is not an option for me. I work in a small company with good relationships between employees. No one will be fired because of improper Internet usage. However, if there is something that could help focus employees on the job (+ reduce Internet traffic, + improve safety), I would use it. Therefore I decided to try Untangle.

    In my opinion, that solution would only be an attempt to avoid the problem temporarily, without really dealing with it.

    Moreover, you don't have to install Tor!
    The first thing after googling “tor download” is the Tor bundle.
    You can have it on a private USB stick.
    Just start it and enjoy Untangle-free Internet.

    As for policy 9324 from Snort, it looks promising. I don't have much experience with policies yet;
    I will need to look into it.

    Meanwhile, I have found a simple solution to manually load an IP list into the Firewall:

    I was shocked when I discovered that in a single IP field in a Firewall Rule you can put over 1400 IPs!!!!
    And it works!!

    Just separate it with commas :
    1.2.3.4,1.2.3.5, etc...

    A decent list can be found here:
    http://torstatus.kgprog.com/ip_list_...p_list_ALL.csv

    - You will need to convert LFs (0x0a) to commas (except the last one).
    - You will also need a text editor which allows very long lines (I used Notepad2).
    - Then just copy and paste the whole list into one IP field in a firewall rule.

    For now, Tor is blocked. But the problem remains. There should be a way to automatically update the list of Tor nodes. Otherwise you will have to perform that procedure every couple of hours.
    Last edited by Przemek; 03-09-2010 at 07:04 AM. Reason: link correction
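The list-to-field conversion described in post #5 (one address per line in, one comma-separated line out, no trailing comma), written out as an added example. This is not code from the thread, from Untangle or from any of the list sites mentioned; it assumes only that the downloaded list has one address per line, which is the format the post describes. The sample input is constructed, not real node data. It goes a little beyond the post: it also drops comments, blanks, duplicates and unparsable lines, keeps IPv6 entries out of the field unless asked (the post only talks about IPv4), and can split a very large list across several rule fields.

```python
"""Turn a one-IP-per-line Tor node list into the comma-separated form that
post #5 pastes into a single Untangle Firewall rule IP field.
Added example; assumes only the one-address-per-line list format."""
import ipaddress

# Constructed sample (documentation addresses, not a real node list): mixed
# CRLF/LF line endings, a comment, a blank line, a duplicate, a junk entry
# and one IPv6 address, to exercise the edge cases a raw download can contain.
SAMPLE_LIST = (
    "# tor node list (constructed sample)\n"
    "198.51.100.10\r\n"
    "203.0.113.7\n"
    "\n"
    "203.0.113.7\n"
    "not-an-ip\n"
    "192.0.2.200\n"
    "2001:db8::1\n"
    "192.0.2.1\n"       # file ends with LF: must not become a trailing comma
)


def parse_ip_list(text, allow_ipv6=False):
    """Return (addresses, skipped): unique valid addresses in first-seen order,
    plus the raw lines that were dropped as unparsable or (by default) IPv6.
    Comment lines starting with '#' and blank lines are dropped silently."""
    seen = set()
    addresses = []
    skipped = []
    for raw in text.splitlines():          # handles LF and CRLF alike
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            skipped.append(line)           # e.g. "not-an-ip"
            continue
        if addr.version == 6 and not allow_ipv6:
            skipped.append(line)
            continue
        if addr in seen:
            continue
        seen.add(addr)
        addresses.append(str(addr))
    return addresses, skipped


def to_firewall_field(addresses, chunk_size=None):
    """Join addresses with commas and no trailing comma (the "except the last
    one" step in the post). With chunk_size set, return several strings so a
    list too long for one rule can be spread over several rules."""
    if not chunk_size:
        return [",".join(addresses)]
    return [",".join(addresses[i:i + chunk_size])
            for i in range(0, len(addresses), chunk_size)]


if __name__ == "__main__":
    ips, dropped = parse_ip_list(SAMPLE_LIST)
    for field in to_firewall_field(ips, chunk_size=1000):
        print(field)
    if dropped:
        print("skipped:", dropped)
```

Run it against the saved download instead of SAMPLE_LIST and the printed line is the value to paste into the rule's IP field; the skipped list is worth a glance, because a single garbage entry in the field is the kind of thing that makes the whole rule fail to save or match. Scheduling the download and conversion is easy; the paste into the web interface is the step that stays manual in the setup the thread describes.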

  6. #6
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630

    Default

    If you have a good relationship then you should easily be able to talk to this person and let them know they need to stop what they are doing.

    You don't have to fire someone, but just let them know. Our company is small as well, 17 people total; before that it was 5 people and we still had rules.

    People just need to be told that when at work they are using company resources; they are not at home and can't do what they want.

    Nice find on that list, though!
