You could always drop all traffic that is destined for a Tor node; the IP addresses of all the nodes are publicly available. And if you put together some tricky scripting skills you could make rules for all of them. Since Tor traffic is encrypted from the client to the nodes, it is difficult to analyze the data of the packets.
Or you can drop all packets that are trying to receive the list of Tor nodes from the directory servers. That may be easier.
It's no problem for me to get a list of Tor exit nodes and convert them into the format I need. But: how do I add a block rule via SSH? What I need is to fully automate the process to block the Tor clients once a day. Thanks in advance.
It's me again. I have a list with all exit-node addresses. But: is there a way to import them into a group from a txt file? I know that in the 9.3 beta there will be a blacklist within the site-path-routing. Has anyone tried this? For now, I could not find the beta here: ftp://ftp.astaro.com/UTM/v9/beta/ I only found some 9.2*** versions here
The answer to your question is: a. Are you trying to block Tor clients incoming from the internet?
How we try to solve it: --> exporting all exit nodes at least twice a day to a list in the format 1.1.1.1 2.2.2.2 3.3.3.3 and so on. (IP addresses are for explanation only, not valid for this case.)
After that, we create a lot of A records for a host badclients.baddomain.local. In Sophos UTM we created a DNS group for the baddomain.local (which exists on our DNS server only) and used this object in the ruleset.
Pain point: I have no idea if the DNS group is updated regularly in the UTM automatically. If yes, this is my solution, because the entries of the DNS group object change from time to time.
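
The export step described in the post above, as an added example that is not part of the original thread: it validates an exported address list and renders the A records for `badclients.baddomain.local`. The TTL, the protected ranges, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

HOST = "badclients.baddomain.local."  # host name from the post, fully qualified
TTL = 300                             # assumed TTL in seconds
# Assumed internal ranges that a bad or tampered feed must never get blocked.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample export (RFC 5737 documentation addresses plus bad entries).
SAMPLE = """\
# exit nodes, exported twice a day
192.0.2.10 198.51.100.7
203.0.113.5
192.0.2.10
2001:db8::1
10.0.0.5
not-an-ip
"""

def parse_exit_list(text):
    """Return (sorted unique IPv4 addresses, rejected tokens)."""
    accepted, rejected = set(), []
    for line in text.splitlines():
        for token in line.split("#", 1)[0].split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                rejected.append(token)      # not an IP address at all
                continue
            # A records hold IPv4 only; internal ranges are refused.
            if addr.version != 4 or any(addr in net for net in PROTECTED):
                rejected.append(token)
            else:
                accepted.add(addr)
    return sorted(accepted), rejected

def render_a_records(addrs, host=HOST, ttl=TTL):
    """Render zone-file A records; refuse an empty list (failed export)."""
    if not addrs:
        raise ValueError("empty exit list, keep the previous records")
    return [f"{host} {ttl} IN A {a}" for a in addrs]

if __name__ == "__main__":
    addrs, rejected = parse_exit_list(SAMPLE)
    print("\n".join(render_a_records(addrs)))
    print("; rejected:", rejected)
```

Refusing an empty list keeps a failed download from silently emptying the block rule, and the rejected tokens are worth logging on every run.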
So there is no easy way to block Tor?
I also tried different ways. All without success.
Application Control gives me a way to block Tor,
but when starting a Tor Browser it works.
Seems Application Control does not do its job...