• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Blocking TOR Application

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Blocking TOR Application Page: [1]
Message << Older Topic   Newer Topic >>
Blocking TOR Application - 5.Nov.2007 3:57:42 PM   


Posts: 36
Joined: 17.Oct.2005
From: Brantford, Ontario
Status: offline
I recently discovered (through traffic analysis) that one of my users is running an application called TOR (see http://www.torproject.org/index.html.en). Long story short he claims he is using it to redirect non-HTTP traffic through port 80, becuase we have that allowed for all users. My bigger concern is that this application also allows bandwidth sharing and from what I read on the TOR website, can actually lead to legal threats being made against my organization if illegal or questionable activities are relayed through our IP.

So the problem is that it can use any port the user sets and will simply redirect through whatever we have available. How do I block against that?

Post #: 1
RE: Blocking TOR Application - 5.Nov.2007 7:04:51 PM   


Posts: 547
Joined: 16.Mar.2005
Status: offline
Something sounds fishy here.  If you are using the ISA Web Proxy filter correctly, non-HTTP traffic over port 80 should fail because it would be rejected by ISA with 400 bad request.  Did you unhook the web proxy from the http protocol or something?  Is there some way that your users can route out of your LAN without going through ISA?  If you have another firewall as your gateway, it should block all port 80 access except from your ISA server!

The only other thing I can think of is that maybe the tor proxy is hiding its traffic inside valid looking HTTP requests/responses, but I'm not under the impression hat Tor has that capability...

As for your question of legal risks, IANAlawyer, but as long as your user is not running a tor "exit node" (which he is probably not), then by design it is unlikely that tor traffic will be traced back through your IPs.  The whole point is to use the onion routing to bounce traffic through so many layers that tracing is not possible.  It's the people and orgs that run "exit nodes" (where the tor traffic merges back to the normal internet) that get hammered with legal hassles.  All tor users' traffic appears to be coming out of these nodes, and so they often draw attention of law enforcement.

On a higher level note, if you have users running Tor on your lan without permission then IMO you really should keep an eye on those guys.  Tor is a fairly sophisticated thing that your average luser wouldn't even know about, much less figure out how to use.  I'd be far more worried about what your users are really using it for (and potentially bringing into and storing on your hosts) than what other tor network users might be transiently bouncing through the node.

(in reply to tbone2k)
Post #: 2
RE: Blocking TOR Application - 7.Nov.2007 3:20:46 PM   


Posts: 36
Joined: 17.Oct.2005
From: Brantford, Ontario
Status: offline
Thanks for your insight. I'm still trying to sort out what the previous admin has done as far as the ISA settings go. It seems that every time I try to change something to make it more secure, something else breaks. So in fixing all of this up, I may fix the TOR problem at the same time.

(in reply to ferrix)
Post #: 3
RE: Blocking TOR Application - 9.Jan.2011 12:04:09 AM   


Posts: 31
Joined: 4.Aug.2010
Status: offline
Hello buddy

Did you get any solution to this problem or block TOR through firewall tmg 2010


Rohan Gaur
System Administrator.

(in reply to tbone2k)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Blocking TOR Application Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts