Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 17489 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block TOR

Simon Shaw
Is their a way to block TOR ?
(I assume a IDS rule ?)


This thread was automatically locked due to age.
Parents
  • 0
    Hello BarryG,

    the answer to your question is:
    a. Are you trying to block Tor clients incoming from the internet?

    how we try to solve it:
    --> exporting all exit notes at least twice a day to a list in the format
    1.1.1.1
    2.2.2.2
    3.3.3.3
    and so on. (IP-Adresses are for explanation only, not valid for this case)

    after that, we create a lot of A Records for a host badclients.baddomain.local
    in sophos utm we created a dns-group for the baddomain.local (which exits on our dns server only) and used this object in the ruleset. 

    painpoint: i have no idea if the dns-group is updated regulary in the utm automaticaly.
    if yes, this is my solution, because the entrys of the dns-group object change from time to time

    best
    sophoslabfan
  • 0 in reply to Sophos_iLIKE
    So there is no easy way to block tor?
    I also tried different ways. All without success.
    Application Control gives me a way to block Tor,
    but when starting a Tor Browser it works.
    Seems Application controll does not do its Job...

    Any Ideas?

    Tx
Reply
  • 0 in reply to Sophos_iLIKE
    So there is no easy way to block tor?
    I also tried different ways. All without success.
    Application Control gives me a way to block Tor,
    but when starting a Tor Browser it works.
    Seems Application controll does not do its Job...

    Any Ideas?

    Tx
Children
No Data