Core-Admin integration for Tor Network tracking, analysis, tagging and blocking
Introduction to Core-Admin Tor integration
The Tor Network is an anonymizing network infrastructure, open for everyone to use, that allows users to hide their location (mostly their IP address) or make it difficult to track (https://www.torproject.org/). As its function implies, it can be used to protect users from abuse and tracking.
However, you might be interested in having additional information about how Tor is used to access your services, so you can implement analysis, apply policy or block all traffic that comes from Tor (legitimate or not).
Due to the way the Tor Network works, all exit nodes are public and the list can be downloaded. Combined with some tracking functions, it is possible to know whether an IP belongs to the Tor Network (as an exit node) or was part of it in the past.
Core-Admin provides an integration option that makes all this information available in a usable form so you can integrate it with your infrastructure:
How to enable Tor Network Integration with Core-Admin
For that, open the #IpBlocker application as shown:
and then, click to configure:
After that, click to enable Tor Integration as shown:
After enabling it, your system will have an up-to-date database of information about Tor Exit-Nodes that are active or were active in the past.
How to use this information about Tor Exit-Nodes with Core-Admin
By enabling this basic integration you get several indications out of the box. Some of them are the following.
The #IpBlocker tool indicates whether a Tor node is detected when you check an IP. That way you get additional information when reviewing attacks:
You will also get additional information when requesting a report about a certain IP:
How to integrate Tor Network information provided by Core-Admin with MySQL
To start doing more advanced things, you might be interested in having all this information in a MySQL table (two tables) so you can implement your own queries.
This way you can not only check IPs: your application can also tag, do quick searches or implement resource policy control and protection.
For example, you might want to deny or allow a login depending on whether the source connection comes from the Tor Network.
To enable Tor Network integration with MySQL, follow the next steps as shown, and enter the database where you want the information to be exported and updated. You can configure several MySQL databases.
Core-Admin will keep that MySQL information updated, leaving the rest of the tables untouched. This works both with an empty, dedicated MySQL database and with an existing MySQL database that holds working data: a couple of tables will appear and be kept updated, so your application can access this information using the current MySQL API.
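The login decision mentioned above, as an added example that is not Core-Admin code: it tracks active and historic exit nodes in memory across list downloads instead of reading the exported MySQL tables, whose schema is not shown on this page. The names normalize, TorTracker and allow_login are hypothetical, the list format is assumed to be one address per line, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from datetime import datetime, timedelta

def normalize(ip_text):
    """Canonical form of an address; IPv4-mapped IPv6 collapses to IPv4."""
    ip = ipaddress.ip_address(ip_text.strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)

class TorTracker:
    """Tracks exit nodes across list downloads (hypothetical helper)."""
    def __init__(self):
        self.last_seen = {}      # ip -> datetime of the last list containing it
        self.last_update = None  # datetime of the newest list processed

    def update(self, list_text, when):
        """Ingest one downloaded exit list: one IP per line, '#' comments."""
        for line in list_text.splitlines():
            line = line.split("#", 1)[0].strip()
            if not line:
                continue
            try:
                self.last_seen[normalize(line)] = when
            except ValueError:
                continue  # skip malformed entries instead of aborting the update
        self.last_update = when

    def check(self, ip_text):
        """Return 'active', 'historic' or 'none' for a source address."""
        seen = self.last_seen.get(normalize(ip_text))
        if seen is None:
            return "none"
        return "active" if seen == self.last_update else "historic"

def allow_login(tracker, ip_text, deny_historic_within=None):
    """Deny active exit nodes; optionally deny recently historic ones too."""
    status = tracker.check(ip_text)
    if status == "active":
        return False
    if status == "historic" and deny_historic_within is not None:
        age = tracker.last_update - tracker.last_seen[normalize(ip_text)]
        return age > deny_historic_within
    return True

# Constructed sample lists (documentation address ranges, not real exit nodes)
T0 = datetime(2024, 1, 1, 12, 0)
TRACKER = TorTracker()
TRACKER.update("# constructed list\n192.0.2.10\n198.51.100.7\nnot-an-ip\n", T0)
TRACKER.update("192.0.2.10\n203.0.113.5\n", T0 + timedelta(hours=6))
```

Normalizing before lookup matters because a dual-stack listener may report an IPv4 client as ::ffff:a.b.c.d, which would otherwise miss the list entry.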
How to block Tor Network with Core-Admin
If you don’t want any of your services to be available/reachable from any Tor Exit-Node, use the following option. It will automatically create IP firewall blocking rules for all exit nodes found. These rules are updated regularly, removing old exit nodes and adding new active exit nodes.
Command line options to manage Tor Network integration with Core-Admin
There are different options available through the crad-ip-blocker.pyc tool. Run the following command to get information about them:
>> crad-ip-blocker.pyc --help | grep tor
                        also removes old blocking history (retaining last
  --update-tor-exit-nodes-list
  --find-all-tor-access
  --check-tor-ip=IP[,IP2[,IP3]]
                        in tor (active,historic) network or not.
  --export-tor-tracking-to-mysql-db=DBNAME[,DBNAME2[,DBNAME3]]
  --dump-tor-tracking   Allows to dump all tor tracking information current stored.
  --block-active-tor-nodes
                        Allows to block all tor actives nodes currently found.
                        /crad-ip-blocker.pyc --update-tor-exit-nodes-list to
  --unblock-active-tor-nodes
                        active-tor-nodes. Use this option to remove all rules created by --block-active-tor-nodes options.
Is something missing, or do you have a question? We want to hear your opinion!
Please, if you have a question or a comment, contact us at firstname.lastname@example.org (https://www.core-admin.com/portal/about-us/contact).