Full Disclosure mailing list archives
Re: Tool Release - Tor Blocker
From: str0ke <str0ke () milw0rm com>
Date: Fri, 2 Jun 2006 23:47:38 -0500
Umm what about the new ip addresses that are added to the tor network?

http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1

This wouldn't really be a complete fix.

/str0ke

On 6/2/06, Jason Areff <hailtheczar () gmail com> wrote:
It has come to our attention that the majority of tor users are not actually from China but are rather malicious hackers that (ab)use it to keep their anonymity. We have released a tool to stop users from utilizing this tool to protect their identity from prosecution by a designated systems administrator. Otherwise this puts the administrator in responsibility for any malicious actions caused by said user. Forensics is left with a tor exit node. Recently our servers were hacked by a tor user and we were unable to prosecute due to not being able to trace the source as the user was using this malicious piece of software to keep his/her anonymity. To mitigate most tor attackers we've written an Apache module designed to give tor users a 403 error when visiting a specific website. We suggest all administrators who do not wish a malicious tor user to visit and possibly deface their website to enable the usage of this module. This may not get all attackers, but hopefully it raises the security bar just a little bit more to safeguard ourselves from hackers.

Thanks.
Jason Areff
CISSP, A+, MCSE, Security+
----------
security through obscurity isn't security
----------

CODE:

/* MOD_DETOR */
//blocks tor users from apache 2 server
#include <stdio.h>   /* fprintf, fflush */
#include <string.h>  /* strcmp */
#include "http_config.h"
#include "httpd.h"

static void mod_detor_register_hooks(apr_pool_t *p);
int mod_detor_method_handler(request_rec *rec);

module AP_MODULE_DECLARE_DATA detor_module = {
    STANDARD20_MODULE_STUFF,
    NULL, NULL, NULL, NULL, NULL,
    mod_detor_register_hooks
};

static void mod_detor_register_hooks(apr_pool_t *p)
{
    ap_hook_handler(mod_detor_method_handler, NULL, NULL, APR_HOOK_FIRST);
}

int mod_detor_method_handler(request_rec *rec)
{
    conn_rec *connection = rec->connection;
    /* Client address as a dotted-quad string */
    const char *internetaddress = connection->remote_ip;
    /* Hard-coded exit addresses. The strcmp() lookup further down is an exact
       match, so an entry that carries a leading or trailing space inside its
       quotes never matches a client address. */
    char *listof33[] = {
"62.178.28.11", "83.65.91.110", "86.59.21.38", " 202.173.141.155", "69.70.237.137", "209.172.34.176", "66.11.179.38", " 216.239.78.246", "198.161.91.196", "72.0.207.216", " 139.142.184.213", "64.229.250.110", "72.60.167.126", "24.36.132.185", " 70.68.168.93", "84.73.12.12", "80.242.195.68", "84.72.104.77 ", "62.2.174.20", "211.94.188.225", "166.111.249.39", " 218.58.83.2", "218.72.40.145", "219.142.175.208", "222.28.80.131", " 147.251.52.140", "81.0.225.179", "213.220.233.15", " 85.178.229.8", "84.58.246.2", "80.143.198.147", "80.190.241.118", " 89.52.64.107", "85.214.38.21", "81.169.130.130", "83.171.170.169", " 62.75.129.201", "217.160.177.118", "213.61.151.217", " 89.58.21.142", "217.172.187.46", "81.169.136.161", "213.239.202.232", " 62.75.222.205", "84.16.234.153", "212.12.60.181", "84.167.55.157 ", "62.75.171.154", "85.25.132.119", "217.190.228.18", " 212.112.231.83", "213.133.99.185", "85.176.201.130", "212.112.241.137", " 131.188.185.41", "84.175.229.31", "217.187.160.148", " 87.123.81.89", "212.112.235.83", "213.39.133.132", "85.176.92.87", " 212.114.250.252", "217.160.220.28", "213.239.211.148", " 217.20.117.240", "80.190.250.139", "212.112.241.159", "217.224.170.117", "212.112.242.21", "212.112.228.2", "217.160.108.109", " 81.169.176.178",
"212.99.205.46", "85.31.186.86", "85.10.240.250", " 84.141.183.62", "84.56.199.101", "87.106.2.7", "217.160.142.69", " 84.163.168.232", "213.239.217.146", "84.177.160.152", "62.75.151.195", " 81.169.176.135", "85.214.29.61", "85.179.0.63", "85.31.187.90 ", "212.202.233.2", "134.130.58.205", "81.169.132.19", " 212.88.142.147", "212.168.190.8", "141.76.46.90", "80.237.203.179", " 193.28.225.8", "88.198.253.18", "85.214.44.126", "217.160.95.117 ", "62.75.149.130", "84.44.156.17", "81.169.180.180", " 85.14.216.20", "80.190.242.122", "212.112.242.159", "84.16.235.143", " 80.237.160.201", "83.171.188.170", "217.84.3.39", "80.190.251.24 ", "87.123.114.110", "194.95.224.201", "80.244.242.127", " 87.106.34.45", "87.122.3.11", "83.171.173.229", "85.10.194.117", " 217.160.132.150", "217.79.181.118", "212.60.156.94","213.239.212.45", " 62.75.240.77", "217.172.183.219", "85.16.8.132", "85.14.220.126 ", "84.184.85.208", "85.31.186.61", "217.172.49.89", " 213.203.214.130", "81.169.178.215", "212.112.242.89", "85.214.29.234"," 213.239.194.175", "85.14.216.207", "84.172.97.158", " 82.82.64.68", "195.71.99.214", "80.143.172.132", "217.20.118.52", " 217.160.170.132", "84.56.64.207", "213.146.114.96", "81.169.174.124", " 88.73.69.206", "84.156.61.231", "84.60.118.102", "88.198.0.177 ", "129.187.150.131", "85.178.108.140", "217.160.109.40", " 85.176.106.4", "84.19.182.23", "62.75.185.15", "84.57.89.186", " 81.169.158.102", "83.73.91.126", "62.243.85.164", "85.57.137.206", " 63.246.145.70", "85.84.204.128", "84.77.51.149", "85.77.12.12", " 80.223.105.208", "85.134.2.139", "82.141.90.19", "80.186.67.109", " 85.76.189.225", "193.184.9.66", "84.249.227.96", "84.34.133.217", " 82.128.216.214", "85.76.78.8", "84.230.221.101", "212.246.66.120", " 80.222.75.74", "217.119.47.6", "82.128.214.254", "144.120.8.219", " 81.56.58.94", "213.41.166.51", "82.228.48.220", "213.41.242.132", " 82.227.178.224", "81.56.123.123", "81.56.27.175", "86.210.52.95", " 82.231.59.44", "83.214.47.135", 
"82.227.61.106", "82.67.175.80", " 82.240.188.187", "82.225.238.47", "88.121.142.36", "82.67.125.23", " 81.57.158.21", "82.252.150.50", "212.56.108.4", "86.142.8.187", " 84.9.189.25", "83.245.82.184", "81.5.172.97", "195.62.29.176", " 217.155.230.230", "85.210.2.142", "193.110.91.7", "62.17.252.166", " 62.121.31.116", "83.223.108.108", "87.80.96.52", "213.228.241.143", " 83.245.15.87", "150.140.191.102","218.189.210.17", " 203.218.52.238", "195.245.255.11", "212.24.170.230","213.253.212.106", "193.202.88.3", "62.123.118.106", "212.239.118.83", " 143.225.178.7", "84.221.103.103", "88.149.168.74", "151.8.40.35", " 82.56.18.50", "194.21.56.6", "82.60.153.158", "159.149.57.14", " 62.48.34.110", "84.221.75.14", "59.134.15.153", "60.36.181.86", " 219.105.111.74", "83.243.88.133", "137.226.59.249", "217.19.27.52", " 82.92.225.162", "194.109.206.212", "131.155.71.110", " 83.160.255.58", "82.156.33.125", "62.163.136.55", "192.150.94.242", " 62.195.3.242", "212.187.48.185", "194.109.109.109", " 193.16.154.187", "80.126.37.100","195.85.225.145", "192.42.113.248", " 80.127.66.162", "82.94.251.206", "137.120.180.65", " 137.120.180.50", "195.169.149.45", "81.191.185.124", "80.202.94.130", " 80.203.228.236", "84.16.193.140", "80.203.211.14", "128.39.141.245 ", "60.234.229.82", "200.121.55.151", "203.81.233.127", " 193.219.28.245", "83.28.65.161", "217.153.252.4", "82.76.242.24", " 80.252.209.6", "62.119.159.118", "85.8.4.206", "83.227.72.118", " 213.113.166.221", "83.219.212.101", "85.225.168.113", "213.100.254.179", " 85.225.42.22", "82.182.109.115", "217.28.206.143", " 213.112.252.71", "213.114.29.49", "194.249.212.110", "195.72.0.6", " 203.155.247.31", "65.25.220.178", "67.23.145.190", "68.227.90.101", " 70.17.122.103", "209.51.169.86", "70.187.87.248", "70.92.178.34 ", "68.232.142.96", "24.170.55.120", "154.35.101.77", " 64.246.50.101", "24.110.201.24", "68.7.121.40", "147.97.50.171", " 68.167.210.203", "18.246.2.33", "68.173.37.136", "72.21.33.202", " 72.36.146.118", 
"207.150.167.67", "149.9.13.22", "71.133.227.217", " 216.55.190.201", "68.40.192.5", "12.222.100.156", "216.39.146.25", " 64.142.74.86", "63.85.194.6", "216.130.255.201", "146.201.211.64", " 69.60.122.49", "24.18.9.231", "18.78.1.38", "70.84.114.153 ", "208.40.218.144", "64.122.12.107", "65.196.226.32", " 24.125.131.99", "154.5.66.241", "65.13.27.20", "204.253.162.11", " 129.21.228.88", "70.110.70.238", "137.148.5.13", "144.92.82.21", " 216.12.165.46", "64.90.164.74", "208.99.207.139", "68.110.103.159", " 64.5.53.220", "168.103.224.74", "75.6.230.66", "72.177.87.57 ", "24.155.82.33", "68.4.96.114", "72.226.235.186", " 66.219.161.166", "128.2.141.33", "209.237.225.10", "216.237.143.47", " 68.57.216.138", "68.83.82.92", "206.225.83.5", "66.210.104.251 ", "216.55.149.21", "69.41.174.196", "131.179.224.133", " 128.83.114.63", "216.32.80.75", "66.93.170.242", "199.77.129.53", " 64.81.100.208", "65.174.217.58", "69.205.41.136", "160.36.137.37", " 208.14.31.5", "24.111.174.178", "66.90.89.162", "154.35.47.59", " 68.35.231.249", "208.40.218.131", "208.40.218.136", "64.74.207.50", " 70.232.120.165", "66.70.10.53", "141.149.128.197", " 209.114.200.129", "154.35.85.17","208.185.251.121", "68.115.140.133", " 18.248.3.82", "24.11.233.143", "128.2.132.175", "70.85.75.42 ", "66.111.43.137", "140.247.60.64", "216.152.242.200", " 68.40.71.110", "206.174.19.25", "69.163.32.140", "24.175.184.12", " 71.32.251.76", "24.131.177.71", "207.210.65.130", "24.91.169.157", " 68.40.171.66", "71.242.124.82", "18.244.0.188", "18.244.0.114 ", "18.152.2.242", "64.81.246.230", "149.9.118.34", " 64.142.31.83", "24.22.104.31", "24.136.12.209", "64.34.180.99", " 68.102.99.221", "69.12.128.32", "69.93.158.203", "66.52.66.26", " 149.9.200.187", "64.90.179.108", "70.16.37.14", "64.81.240.144", " 70.230.73.20", "18.244.0.188", "71.108.145.137", "65.254.37.163", " 71.248.176.151", "65.254.45.211", "66.167.32.85", "72.20.1.166", " 68.167.210.150", "66.98.136.49", "65.60.136.107", "67.173.143.46",
" 209.8.40.177", "24.10.127.243", "69.62.156.11", "140.247.62.64", " 68.167.210.88", "68.94.234.105", "24.30.67.89", "140.247.62.119", " 68.171.51.78", "65.185.92.216", "68.20.30.211", "12.222.111.115", " 65.7.136.249", "18.187.1.68", "138.236.226.221", "24.21.12.194", " 70.59.183.168", "69.12.145.165", "128.30.28.19", "24.117.110.24", " 69.51.152.43", "134.53.170.128", "198.252.201.22", "209.242.5.54", " 64.135.207.45", "154.35.1.8", "206.124.149.146", "82.165.144.169 ", "24.250.192.233", "69.155.12.77", "216.231.168.178", " 70.110.247.138", "66.146.193.33", "65.28.107.89", "24.94.2.121", " 130.126.141.153", "71.56.235.157", "72.3.249.87", "68.121.166.117", " 74.0.33.114", "149.9.0.21", "134.53.24.52", "38.99.66.86", " 216.27.178.157", "66.200.164.250", "168.150.251.36", "66.236.18.180", " 66.219.59.183", "154.35.254.172",
        NULL
    };
    int index = 0;
    int ast4 = 0;   /* set to 1 when the client address is in the list */

    while (listof33[index] != NULL) {
        if (strcmp(internetaddress, listof33[index]) == 0) {
            ast4 = 1;
            break;
        }
        index++;
    }

    if (ast4) {
        /* stderr ends up in the Apache error log */
        fprintf(stderr, "TOR EXIT %s ATTEMPTED CONNECT!!!\n", internetaddress);
        fflush(stderr);
        return HTTP_FORBIDDEN;
    } else
        return DECLINED;
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
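
str0ke's objection is that a list compiled into the module goes stale as exit nodes join and leave the network. The following is an added example, not part of the original post or of mod_detor: it keeps the addresses in a text file that can be regenerated on a schedule, reloads it when the file changes, and tolerates the stray whitespace seen in the posted list. The type and function names and the one-address-per-line file format are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
/* Hypothetical names; none of this is part of mod_detor. */
typedef struct { uint32_t *addr; size_t n; time_t mtime; off_t size; } exit_set;
static int cmp_u32(const void *a, const void *b) {
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Reload the list when the file's mtime or size changed.
 * Returns 1 if reloaded, 0 if unchanged, -1 on error (old list kept). */
int exit_set_refresh(exit_set *s, const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    if (s->addr && st.st_mtime == s->mtime && st.st_size == s->size) return 0;
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    uint32_t *v = NULL; size_t n = 0, cap = 0;
    char line[64], tok[64];
    while (fgets(line, sizeof line, fp)) {
        struct in_addr a;
        /* %63s drops leading/trailing blanks; a '#' token starts a comment */
        if (sscanf(line, "%63s", tok) != 1 || tok[0] == '#') continue;
        if (inet_pton(AF_INET, tok, &a) != 1) continue; /* skip malformed */
        if (n == cap) {
            cap = cap ? cap * 2 : 64;
            uint32_t *t = realloc(v, cap * sizeof *v);
            if (!t) { free(v); fclose(fp); return -1; }
            v = t;
        }
        v[n++] = ntohl(a.s_addr);
    }
    fclose(fp);
    if (n) qsort(v, n, sizeof *v, cmp_u32);
    free(s->addr);
    s->addr = v; s->n = n; s->mtime = st.st_mtime; s->size = st.st_size;
    return 1;
}

/* Binary search: 1 if the dotted-quad ip is in the set, else 0. */
int exit_set_contains(const exit_set *s, const char *ip) {
    struct in_addr a;
    if (!s->n || inet_pton(AF_INET, ip, &a) != 1) return 0;
    uint32_t key = ntohl(a.s_addr);
    return bsearch(&key, s->addr, s->n, sizeof key, cmp_u32) != NULL;
}
```

A request handler would call `exit_set_refresh()` periodically rather than on every request, then `exit_set_contains()` with the client address; a failed refresh keeps the previous list in place.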