ASA Botnet Filtering - Does it block Tor Exit nodes?

Joel Tyson
Level 1

Hello Group. I am looking into methods to block TOR network activity both inbound and outbound. Outbound is pretty straightforward by utilizing IPS and AV signatures. Inbound seems to be a little more involved. Preventing inbound traffic requires blocking all of the TOR exit nodes, which comprise a list of multiple thousands of IPs, including a small percentage that are dynamic. Does the ASA Botnet Filter encompass these IPs?

Thanks in advance for any input.

/JT

2 Replies

Luis Silva Benavides
Cisco Employee

Hi,

One of the sources that the Botnet Traffic Filter uses is senderbase.org (it also uses many others), so you can evaluate one of the IP addresses that you know belongs to the TOR network and see what reputation it has (to see if the botnet feature will catch it). But remember that the main idea behind this feature is botnet detection, and I don't think we can qualify this site as a botnet site.

Thanks,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

nawir
Level 1

My way to block Tor is this:

http://nbctcp.wordpress.com/2014/10/20/blocking-tor-browser-in-cisco-asa-5505/
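
The inbound blocking described in the question, shown as an added example that is not part of any post in this thread or of Cisco's tooling: a script that turns a plain-text exit-node list into an ASA object-group and emits only the changes between two list versions, which is what handles the dynamic entries. The group name, ACL name and sample addresses are assumptions made for illustration.

```python
import ipaddress

GROUP = "TOR_EXIT_NODES"  # hypothetical object-group name
ACL = "OUTSIDE_IN"        # hypothetical ACL applied inbound on the outside interface
# Internal ranges that a bad or tampered feed must never be able to block.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed exit lists (RFC 5737 documentation addresses, not real Tor exits).
YESTERDAY = "192.0.2.10\n198.51.100.7\n"
TODAY = "# constructed sample\n192.0.2.10\n203.0.113.25\n203.0.113.25\nnot-an-ip\n10.1.1.1\n"


def parse_exit_list(text):
    """Return the set of usable IPv4 addresses, one per line, in a plain-text list."""
    addrs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.IPv4Address(line)
        except ValueError:
            continue  # malformed entry: skip rather than emit broken config
        if any(ip in net for net in NEVER_BLOCK):
            continue  # refuse to block our own address space
        addrs.add(ip)
    return addrs


def asa_delta(old, new, group=GROUP):
    """ASA commands that bring the object-group from the old set to the new set."""
    cmds = [f" network-object host {ip}" for ip in sorted(new - old)]
    cmds += [f" no network-object host {ip}" for ip in sorted(old - new)]
    return [f"object-group network {group}"] + cmds if cmds else []


def asa_acl(group=GROUP, acl=ACL):
    """One deny entry referencing the group; it must sit above any permit entries."""
    return f"access-list {acl} extended deny ip object-group {group} any"


if __name__ == "__main__":
    old, new = parse_exit_list(YESTERDAY), parse_exit_list(TODAY)
    print("\n".join(asa_delta(old, new) + [asa_acl()]))
```

The ACL line only needs to be entered once; later runs push just the object-group delta, so addresses that have left the list are unblocked as well.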