IT News Thread, torpark in Other News; Geoff: might look at continually downloading a list of tor servers and banning them in the http proxy - but ...
  1. #16


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195

    Re: torpark

    Geoff: might look at continually downloading a list of tor servers and banning them in the http proxy - but that would involve denying other ports that aren't proxied.

  2. #17
    woody's Avatar
    Join Date
    Jun 2005
    Location
    Carlisle, Cumbria
    Posts
    613
    Thank Post
    3
    Thanked 17 Times in 15 Posts
    Rep Power
    22

    Re: torpark

    Quote Originally Posted by Geoff
    It does work, however:

    1. you need to use the HTTPS proxy
    2. you need to connect to a tor server running on port 443 (https).

    How do I set these to test then? Probably better to PM me rather than tell the whole CLEO community :P

  3. #18

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: torpark

    Quote Originally Posted by tom_newton
    Geoff: might look at continually downloading a list of tor servers and banning them in the http proxy - but that would involve denying other ports that aren't proxied.

    Well, I don't have that problem. There's no direct access out other than via the proxy server, i.e., IP forwarding is disabled on the proxy.

    Anyway, I prefer my dynamic blackholing using snort method. Your list might be out of date and you're burdening the firewall with IP blocks that'll never be hit. Worse still, you might blackhole a legitimate server because it's also running Tor.

    In short, blacklists suck.

    Quote Originally Posted by woody
    How do I set these to test then? Probably better to PM me rather than tell the whole CLEO community

    There are enough clues already on this thread. Basically just set up Tor to use the HTTPS server. Then you just need to force it to connect to a Tor server running on port 443. The most idiot-proof way to do this is to run one on your machine at home. There's plenty of information in the Tor documentation on how to do all these steps.

    It's the same basic principle as the SSH tunneling method I previously outlined.

  4. #19


    tom_newton's Avatar

    Re: torpark

    Geoff: Probably best to snort it, however blacklists have their uses, and the list of tor directories is quite small, AFAIK.

    (directories are where you go to get a list of tor nodes)

  5. #20

    Geoff's Avatar

    Re: torpark

    I am well aware of how the Tor directory protocol works. I just don't see the point of blocking IPs when there's no reason.

  6. #21

    Join Date
    Oct 2005
    Location
    West London
    Posts
    55
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: torpark

    My, how this thread has grown since I looked this morning!

    @plexer: Thanks for the clarification. @Geoff: Sorry I misunderstood you. I agree that obscurity is not the best form of security.

    I've carried out some further tests and found that our on-site firewalls seem to block the connection from Torpark to outside. Which is a relief.
    Can still use it from the office though..

  7. #22


    tom_newton's Avatar

    Re: torpark

    Quote Originally Posted by Geoff
    I am well aware of how the Tor directory protocol works. I just don't see the point of blocking IPs when there's no reason.

    I'd guessed you might be - the parenthesised comment was largely for the benefit of anyone following the thread!

    Potentially, Snort is the "top answer" - however a multidentate approach is often necessary to stand a good chance of working in "most" cases - so we'll probably look at at least 3 alternatives and hope to implement 1 or 2.
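
The objections raised in this thread to a static Tor blocklist (stale list, entries that are never hit, collateral blocking of a legitimate server) can be measured before the list is deployed. The following is an added example, not code from any poster: it audits a relay list against proxy CONNECT logs. The log format, addresses (documentation ranges), allowlist and all names are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample data (documentation address ranges, not real relays).
RELAY_LIST_FETCHED = datetime(2007, 1, 10, 6, 0)
RELAYS = {("192.0.2.10", 443), ("192.0.2.11", 9001),
          ("198.51.100.7", 443), ("203.0.113.5", 443)}
ALLOWLIST = {"203.0.113.5"}  # hypothetical legitimate HTTPS server that also runs a relay
# Constructed, simplified log format: "<ISO time> <client> CONNECT <dst-ip>:<port>"
LOG = """\
2007-01-10T09:15:02 10.0.0.21 CONNECT 192.0.2.10:443
2007-01-10T09:15:40 10.0.0.21 CONNECT 192.0.2.10:443
2007-01-10T09:16:11 10.0.0.34 CONNECT 203.0.113.5:443
2007-01-10T09:17:00 10.0.0.34 CONNECT 198.51.100.99:443
2007-01-10T09:18:00 10.0.0.34 CONNECT example.invalid:443
"""

def parse_connects(text):
    """Yield (time, client, dst_ip, dst_port) for well-formed CONNECT lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "CONNECT":
            continue
        try:
            host, port = parts[3].rsplit(":", 1)
            rec = (datetime.fromisoformat(parts[0]), parts[1],
                   str(ip_address(host)), int(port))
        except ValueError:
            continue  # malformed time, non-IP destination or bad port
        yield rec

def audit(log_text, relays, allowlist, fetched, now, max_age=timedelta(hours=24)):
    """Report which blocklist entries matter and which would cause collateral blocks."""
    relay_ips = {ip for ip, _ in relays}
    hits = {}  # relay ip -> internal clients that connected to it
    for _, client, ip, port in parse_connects(log_text):
        if (ip, port) in relays:
            hits.setdefault(ip, set()).add(client)
    return {
        "stale": now - fetched > max_age,                  # list out of date?
        "hit": {ip: sorted(c) for ip, c in hits.items()},  # entries seen in traffic
        "never_hit": sorted(relay_ips - set(hits)),        # dead weight on the firewall
        "collateral": sorted(relay_ips & allowlist),       # legitimate servers at risk
        "port_443_relays": sorted(ip for ip, p in relays if p == 443),
    }
```

With proxy-only egress as described in post #18, only the `port_443_relays` entries are reachable at all, and anything in `collateral` needs a decision before blocking.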
