Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Botnet Filtering - Does it block Tor Exit nodes?

Hello Group.   I am looking into to methods to block TOR network activity both inbound and outbound.   Outbound is pretty straightforward by utilizing IPS and AV signatures.   Inbound seems to be a little more involved.   Preventing inbound traffic requires blocking all of the TOR exiit nodes which comprise a list of multiple thousands of  IPs including small percentage  that are dynamic.   Does the ASA Botnet Filter encompass these IPs? 

Thanks in advance for any input.

/JT

2 REPLIES
Cisco Employee

ASA Botnet Filtering - Does it block Tor Exit nodes?

Hi,

One of the sources that the Botnet traffic filter uses is senderbase.org (also it uses many others)so you can evaluate one of the IP address that you know that belongs to the TOR network and see what reputation it has (to see if the botnet feature will catch it); but remember that the main idea behind this feature is the botnet detection; and I don't think we can qualify this site as a botnet site.

Thanks,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva "If you need PDI (Planning, Design, Implement) assistance feel free to reach us" http://www.cisco.com/web/partners/tools/pdihd.html
New Member

My way to block tor is

My way to block tor is this

http://nbctcp.wordpress.com/2014/10/20/blocking-tor-browser-in-cisco-asa-5505/

1562
Views
0
Helpful
2
Replies