IT News Thread, torpark in Other News; I found out about this from the BBC and does allow filter free browsing from a usb stick, home drive ...
  1. #1
    Face-Man's Avatar

    torpark

    I found out about this from the BBC and it does allow filter-free browsing from a USB stick, home drive etc. It's just another thing to block.. 8O

    Torpark

    BBC- Free anonymising browser debuts

  2. #2

    webman's Avatar

    Re: torpark

    As long as kids can't run EXEs from their Documents area or USB drives it shouldn't be a problem.

  3. #3

    Geoff's Avatar

    Re: torpark

    Tor usually tries to connect out on a random TCP port. Hopefully most people's firewalls will block this. However you can set it to use HTTPS.

    The following rules in the snort 'snortfire' community package will catch Tor traffic:

    100000874 - COMMUNITY MISC DLR-TOR Directory server response (community-misc.rules)
    100000875 - COMMUNITY MISC DLR-TOR Client Traffic (community-misc.rules)

  4. #4


    Re: torpark

    We support a number of sites, not all of which can be restricted by software policies (Peer networks etc.).
    I've been looking at network blocking:- It seems to set up connections through TCP 80 to a random address and then use TCP 9001 and/or 9050 to communicate. I will try getting those ports blocked by our network bods and see what happens. Will post here if I get any more info.

  5. #5
    woody's Avatar

    Re: torpark

    Quote Originally Posted by webman
    As long as kids can't run EXEs from their Documents area or USB drives it shouldn't be a problem.
    I'm concerned about this. How can you stop EXEs from running in My Documents and USB drives? GPO?

  6. #6

    Geoff's Avatar

    Re: torpark


  7. #7
    StewartKnight's Avatar

    Re: torpark

    I would have thought that kids wouldn't be able to do this unless they knew the proxy details

    See.... security through obscurity does work!!!

  8. #8
    woody's Avatar

    Re: torpark

    Looking at the other threads on how to ban exe files from usb drives etc (thanks for pointer Geoff), I will be trying Trust-No-EXE. http://www.beyondlogic.org/solutions...ust-no-exe.htm

  9. #9

    webman's Avatar

    Re: torpark

    Yes, our (RM CC3) pupil usertypes cannot run EXEs from My Docs or removable disks (and other network places) due to GPO restrictions.

  10. #10

    Geoff's Avatar

    Re: torpark

    I would have thought that kids wouldn't be able to do this unless they knew the proxy details

    See.... security through obscurity does work!!!
    Ok, just off the top of my head without getting too sneaky.

    Method 1

    1) Go to sysinternals
    2) Download TCPView from the networking section
    3) Run it straight from the zip file.
    4) Surf a few web sites to open some connections to the proxy.
    5) Observe the IP/port firefox/IE is talking to.

    Method 2

    1) Obtain a command prompt by your favorite method.
    2) Run task manager ('start taskmgr') and find IE/Firefox's process id.
    3) Surf some websites to open some connections to the proxy.
    4) Run 'netstat -o'
    5) Observe the IP/port that the process id you just noted is talking to.

    Method 3 (Firefox Only)

    1) Enter about:config into the url bar.
    2) Enter 'proxy.http' as the filter.

    Method 4 (IE Only)

    1) Obtain a command prompt by your favorite method.
    2) Enter the following command line:
    Code:
    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s
    Or

    1) Browse the above key with regedit.

  11. #11


    Re: torpark

    Torpark uses Firefox portable, so the IE stuff isn't relevant. This also means that you won't be able to control it by changing Firefox settings.
    It also runs its own proxy - you will find that the IP address of the proxy Firefox connects to is 127.0.0.1. It is the outbound connection from this proxy that you need to block, and I have found so far that the destination address is different every time Torpark runs. Torpark seems to configure itself on the fly to use a different destination proxy each time - the users don't have to do anything except run it. Dangerous. :angry1:
    BTW, I find cports.exe is a good utility to use to trace network connections. If I find where I got it from, I'll let you know.

  12. #12

    plexer's Avatar

    Re: torpark

    Geoff was saying how pupils may find out the existing http proxy that is in use in order to put it in the tor settings files as they will need that to make outbound connections to the tor servers.

    Ben

  13. #13


    tom_newton's Avatar

    Re: torpark

    We (SmoothWall) are looking into ways of blocking torpark. These will hopefully be pretty general - folks use our proxy behind other people's firewalls sometimes - and with a bit of luck, my colleague Phil should have all the details for his talk at the edugeek conference. Naturally his notes will be made available on our website afterwards.

    It looks like it is going to be quite a difficult job tho, and will certainly involve some firewall jiggery pokery.

  14. #14
    woody's Avatar

    Re: torpark

    I have tried putting the proxy for our CLEO proxy here in Cumbria into the torrc file and I still can't get through. That's a very good thing.

  15. #15

    Geoff's Avatar

    Re: torpark

    You could detect it with the snort rules I mentioned earlier. Combine that with an output plugin to add per ip firewall rules to the proxy box. Job done.

    Of course if you're using a whitelist for HTTPS then that'll mitigate it too.


    I have tried putting the proxy for our CLEO proxy here in Cumbria into the torrc file and I still can't get through. That's a very good thing.
    It does work, however:

    1. you need to use the HTTPS proxy
    2. you need to connect to a tor server running on port 443 (https).

    There are various other ways of shoehorning it too. Like using an SSH tunnel as I have previously mentioned.

    http://www.edugeek.net/index.php?nam...&p=41897#41897
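
The detect-then-block idea from post #15, sketched as an added example that is not part of the original thread: it reads Snort "fast" alert lines, keeps only the two SIDs quoted in post #3, and produces one firewall rule per internal client. The alert lines, the 10.0.0.0/8 client range and the choice of the INPUT chain are constructed assumptions.

```python
import ipaddress
import re

# SIDs quoted in the thread (community-misc.rules).
TOR_SIDS = {100000874, 100000875}
# Assumption: address space used by the school's client machines.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Snort "fast" alert: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (documentation address ranges for external hosts).
SAMPLE_ALERTS = """\
09/26-14:03:11.120394  [**] [1:100000875:1] COMMUNITY MISC DLR-TOR Client Traffic [**] [Priority: 2] {TCP} 10.20.3.41:1188 -> 198.51.100.23:9001
09/26-14:03:12.554102  [**] [1:100000874:1] COMMUNITY MISC DLR-TOR Directory server response [**] [Priority: 2] {TCP} 203.0.113.9:80 -> 10.20.3.77:1412
09/26-14:03:13.000100  [**] [1:1000001:1] CONSTRUCTED unrelated alert [**] [Priority: 3] {TCP} 10.20.3.50:1300 -> 192.0.2.10:80
09/26-14:04:01.990001  [**] [1:100000875:1] COMMUNITY MISC DLR-TOR Client Traffic [**] [Priority: 2] {TCP} 10.20.3.41:1190 -> 198.51.100.40:443
"""


def tor_clients(log_text):
    """Return internal IPs seen in Tor alerts, de-duplicated, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["sid"]) not in TOR_SIDS:
            continue
        # The client may be source or destination depending on the rule,
        # so pick whichever endpoint sits inside the internal range.
        for field in ("src", "dst"):
            try:
                ip = ipaddress.ip_address(m[field])
            except ValueError:
                continue  # malformed address in the log line
            if ip in INTERNAL_NET and str(ip) not in seen:
                seen.append(str(ip))
    return seen


def block_rules(clients):
    """Build (not run) per-IP rules; INPUT assumes the proxy listens on this box."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in clients]


if __name__ == "__main__":
    for rule in block_rules(tor_clients(SAMPLE_ALERTS)):
        print(rule)
```

The rules are only printed so they can be reviewed before anything is applied on the proxy box.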
