Blog

Archive for Tor

Core-Admin integration for Tor Network tracking, analysis, tagging and blocking

[extoc]

Introduction to Core-Admin tor integration

Tor Network is an anonymizer network infrastructure, opened for everyone for use, that allows users to hide their location (mostly IP) or make it difficult to track (https://www.torproject.org/). As its function implies, it can be used to protect users from abuse and tracking.

However, you might be interested in have additional information about how Tor is used to access your services to implement analysis, apply policy or maybe blocking all traffic that might come from Tor (legitimate or not).

Due to the way Tor Network works, all exit nodes are public and can be downloaded. Combined with some tracking functions, it is possible to know if an IP belongs to Tor Network (as an exit node) or was part of it in the past.

Core-Admin provides an integration option that allows having all this information in an usable form so you can integrate it with your infrastructure:

core-admin-tor-integration

How to enable Tor Network Integration with Core-Admin

For that, open #IpBlocker application as shown:

Selección_336

and then, click to configure:

Selección_337

After that, click to enable Tor Integration as shown:

Selección_353

After enabling it, you will have in your system, an up to database information about Tor Exit-Nodes that are active or were active in the past.

How to use this information about Tor Exit-Nodes with Core-Admin

By enabling this basic integration you have different indications out of the box that can be used. Some of then are the following.

Support to get an indication if a Tor node is detected when checking #IpBlocker tool. That way you will be able to get additional information when checking attacks:

Selección_354

Also, you will also get additional information when requesting for a report about certain ip:

Selección_355

How to integrate Tor Network information provided by Core-Admin with MySQL

To start doing more advanced things, you might be interested in having all this information in a MySQL table (two tables) so you can implement your own queries.

This way, you can not only check, you can also make your application to tag, do quick searches or implement resource policy control and protection.
For example, you might want to deny or allow login if source connection is inside or not Tor Network.

To enable Tor Network integration with MySQL, follow next steps as shown, and input the database were you what the information to be exported and updated. You can configure several MySQL databases.

Core-Admin will keep that MySQL information updated, leaving the rest of the tables untouched. This can be used for empty dedicated MySQL or existing MySQL databases, with working data where a couple of tables will appear and keep updated so your application can access this information using current MySQL API.

Selección_356

How to block Tor Network with Core-Admin

In the case you don’t want any of your services to be available/reachable to any Tor Exit-Node, then use the following option. It will create automatically IP firewall blocking for all exit nodes found. These rules will be updated regularly removing old exit nodes, and adding new active exit nodes.

Selección_357

Command line options to manage Tor Network integration with Core-Admin

There are different options available through crad-ip-blocker.pyc tool. Run the following command to get information about them:

>> crad-ip-blocker.pyc  --help | grep tor
                        also removes old blocking history (retaining last
  --update-tor-exit-nodes-list
  --find-all-tor-access
  --check-tor-ip=IP[,IP2[,IP3]]
                        in tor (active,historic) network or not.
  --export-tor-tracking-to-mysql-db=DBNAME[,DBNAME2[,DBNAME3]]
  --dump-tor-tracking   Allows to dump all tor tracking information current
                        stored.
  --block-active-tor-nodes
                        Allows to block all tor actives nodes currently found.
                        /crad-ip-blocker.pyc --update-tor-exit-nodes-list to
  --unblock-active-tor-nodes
                        active-tor-nodes. Use this option to remove all rules
                        created by --block-active-tor-nodes options.

Something missing or have a doubt? We want to hear your opinion!

Please, if you have a question or a comment, contact us at support@core-admin.com (https://www.core-admin.com/portal/about-us/contact).

Posted in: Blacklist, Firewall, Tor

Leave a Comment (0) →