2 Replies Latest reply on Dec 7, 2016 5:13 AM by d_aloy

    How to block TOR networks IPs on NIPS

    ahtapok

      Hello,

      How do I block Tor network IPs on the NS9100?

        • 1. Re: How to block TOR networks IPs on NIPS
          catdaddy

          Moved from Business to Network Security Platform (NSP, NIPS, NAC, NTBA) > Discussions for better exposure and assistance.

          By

          Moderator

          • 2. Re: How to block TOR networks IPs on NIPS
            d_aloy

            Hi Ahtapok

            The signature "P2P: Tor-Privoxy Tunnel Detected" can be set to blocking mode to attempt blocking Tor communications. However, Tor encryption may change, and depending on what application is generating the Tor traffic, it will just look like SSL, so connections may not be blocked with this signature.

            This is a problem, especially if you are looking to block outbound connections - I believe a better approach to block Tor is to work at the endpoint level, by limiting permissions to users so they cannot install Tor apps, or having some sort of application control/EDR system that can prevent/kill known Tor apps and connections when detected at the endpoint.

            If you are looking to block inbound Tor comms, then you can use the many sites available online that will provide you the proxy IP addresses Tor uses - and you can create FW rules or specific UDS/SNORT sigs to block incoming connections from those IPs.

            Regards

            David

            2 of 2 people found this helpful
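The inbound approach from the last reply, turning a published list of Tor exit addresses into Snort-style block rules, is sketched below as an added example that is not part of the original thread. Assumptions: the feed is either one IPv4 address per line or `ExitAddress <ip> <timestamp>` lines, the rules use generic Snort 2 syntax with `$HOME_NET` and local SIDs starting at 1000001, and the `NEVER_BLOCK` ranges stand in for your own address space; whether your sensor's UDS import accepts this rule form needs to be checked against its documentation.

```python
import ipaddress

# Networks that must never end up in a block rule, whatever the feed says
# (assumption: replace with your own internal and partner ranges).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_exit_list(text):
    """Return sorted, de-duplicated IPv4 addresses found in a feed."""
    found = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        # Accept "ExitAddress <ip> <timestamp>" as well as a bare address.
        candidate = fields[1] if fields[0] == "ExitAddress" and len(fields) > 1 else fields[0]
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ValueError:
            continue  # header line or garbage, not an address
        if not any(ip in net for net in NEVER_BLOCK):
            found.add(ip)
    return sorted(found)

def build_snort_rules(ips, action="drop", start_sid=1000001, per_rule=100):
    """Group addresses into rules, one rule (and one SID) per chunk."""
    rules = []
    for n, i in enumerate(range(0, len(ips), per_rule)):
        group = ",".join(str(ip) for ip in ips[i:i + per_rule])
        rules.append(
            f'{action} ip [{group}] any -> $HOME_NET any '
            f'(msg:"Inbound connection from listed Tor exit node"; '
            f'sid:{start_sid + n}; rev:1;)')
    return rules

# Constructed sample feed (documentation-range addresses, not real Tor nodes).
SAMPLE_FEED = """\
ExitNode 0000000000000000000000000000000000000000
ExitAddress 198.51.100.7 2016-12-07 05:00:00
203.0.113.20
203.0.113.20
192.168.1.5
not-an-ip
192.0.2.44   # trailing comment
"""

if __name__ == "__main__":
    for rule in build_snort_rules(parse_exit_list(SAMPLE_FEED), per_rule=2):
        print(rule)
```

Exit lists change frequently, so the rules need regenerating on a schedule; an address left in the list after it stops being an exit node will block unrelated traffic.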