FW: [Full-disclosure] Tool Release - Tor Blocker

Dan Mahoney, System Admin danm at prime.gushi.org
Sat Jun 3 04:38:37 UTC 2006


On Sat, 3 Jun 2006, y0himba wrote:

This is an apache module?  It's statically coded, whereas the nature of tor 
exit nodes is that the list will change.  And this 403 would just tip off 
would-be "hackers" to use another method of circumvention.

What could be far more useful is a simple bash/perl/whatever script to 
pull in the list of tor nodes and drop them into a .htaccess file or, 
better, a firewall rule.

That is, of course, assuming we're into blocking anonymous nodes as 
opposed to actually running secure machines.

If your machine is listening on a public IP, and can be "hacked" on a 
completely valid TCP connection (which is the only kind TOR allows -- 
leaving out most of the tricks "hackers" use), then you've got bigger 
problems than tor.

-Dan



> Item of interest?
>
> -----Original Message-----
> From: full-disclosure-bounces at lists.grok.org.uk
> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Jason Areff
> Sent: Saturday, June 03, 2006 12:22 AM
> To: full-disclosure at lists.grok.org.uk
> Subject: [Full-disclosure] Tool Release - Tor Blocker
>
> It has come to our attention that the majority of tor users are not actually
> from China but are rather malicious hackers that (ab)use it to keep their
> anonymity. We have released a tool to stop users from utilizing this tool to
> protect their identity from prosecution by a designated systems
> administrator. Otherwise this puts the administrator in responsibility for
> any malicious actions caused by said user. Forensics is left with a tor exit
> node.
>
> Recently our servers were hacked by a tor user and we were unable to
> prosecute due to not being able to trace the source as the user was using
> this malicious piece of software to keep his/her anonymity.
>
> To mitigate most tor attackers we've written an apache module designed to
> give tor users a 403 error when visiting a specific website.  We suggest all
> administrators who do not wish a malicious tor user to visit and possibly
> deface their website to enable the usage of this module. This may not get
> all attackers, but hopefully it raises the security bar just a little bit
> more to safeguard ourselves from hackers.
>
> Thanks.
>
> Jason Areff
> CISSP, A+, MCSE, Security+
>
>
> ----------
> security through obscurity isn't security
> ----------
>
>
>
> CODE:
>
>
>
>
>
> /* MOD_DETOR */
> /* Blocks Tor users from an Apache 2 server. */
>
> #include <stdio.h>
> #include <string.h>
> #include "httpd.h"
> #include "http_config.h"
>
> static void mod_detor_register_hooks(apr_pool_t *p);
> int mod_detor_method_handler(request_rec *rec);
>
> module AP_MODULE_DECLARE_DATA detor_module = {
>     STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL,
>     mod_detor_register_hooks
> };
>
> /* Run this handler ahead of the other content handlers. */
> static void mod_detor_register_hooks(apr_pool_t *p) {
>     ap_hook_handler(mod_detor_method_handler, NULL, NULL, APR_HOOK_FIRST);
> }
>
> int mod_detor_method_handler(request_rec *rec) {
>     conn_rec *connection = rec->connection;
>     /* Client address as a string (conn_rec field in Apache 2.0/2.2). */
>     const char *internetaddress = connection->remote_ip;
>     /* Hard-coded exit-node addresses, terminated by NULL. */
>     const char *listof33[] = {
>     "62.178.28.11", "83.65.91.110", "86.59.21.38", "202.173.141.155",
>     "69.70.237.137", "209.172.34.176",
>     "66.11.179.38", "216.239.78.246", "198.161.91.196", "72.0.207.216",
>     "139.142.184.213", "64.229.250.110",
>     "72.60.167.126", "24.36.132.185", "70.68.168.93", "84.73.12.12",
>     "80.242.195.68", "84.72.104.77", "62.2.174.20", "211.94.188.225",
>     "166.111.249.39", "218.58.83.2", "218.72.40.145",
>     "219.142.175.208", "222.28.80.131", "147.251.52.140", "81.0.225.179",
>     "213.220.233.15", "85.178.229.8", "84.58.246.2",
>     "80.143.198.147", "80.190.241.118", "89.52.64.107",
>     "85.214.38.21", "81.169.130.130", "83.171.170.169", "62.75.129.201",
>     "217.160.177.118", "213.61.151.217", "89.58.21.142",
>     "217.172.187.46", "81.169.136.161", "213.239.202.232", "62.75.222.205",
>     "84.16.234.153", "212.12.60.181", "84.167.55.157", "62.75.171.154",
>     "85.25.132.119", "217.190.228.18", "212.112.231.83",
>     "213.133.99.185", "85.176.201.130", "212.112.241.137", "131.188.185.41",
>     "84.175.229.31", "217.187.160.148", "87.123.81.89",
>     "212.112.235.83", "213.39.133.132", "85.176.92.87", "212.114.250.252",
>     "217.160.220.28", "213.239.211.148", "217.20.117.240",
>     "80.190.250.139", "212.112.241.159",
>     "217.224.170.117", "212.112.242.21", "212.112.228.2", "217.160.108.109",
>     "81.169.176.178", "212.99.205.46", "85.31.186.86",
>     "85.10.240.250", "84.141.183.62", "84.56.199.101",
>     "87.106.2.7", "217.160.142.69", "84.163.168.232",
>     "213.239.217.146", "84.177.160.152", "62.75.151.195", "81.169.176.135",
>     "85.214.29.61", "85.179.0.63", "85.31.187.90", "212.202.233.2",
>     "134.130.58.205", "81.169.132.19", "212.88.142.147",
>     "212.168.190.8", "141.76.46.90", "80.237.203.179", "193.28.225.8",
>     "88.198.253.18", "85.214.44.126", "217.160.95.117", "62.75.149.130",
>     "84.44.156.17", "81.169.180.180", "85.14.216.20",
>     "80.190.242.122", "212.112.242.159", "84.16.235.143", "80.237.160.201",
>     "83.171.188.170", "217.84.3.39",
>     "80.190.251.24", "87.123.114.110", "194.95.224.201", "80.244.242.127",
>     "87.106.34.45", "87.122.3.11", "83.171.173.229",
>     "85.10.194.117", "217.160.132.150",
>     "217.79.181.118", "212.60.156.94", "213.239.212.45", "62.75.240.77",
>     "217.172.183.219", "85.16.8.132", "85.14.220.126", "84.184.85.208",
>     "85.31.186.61", "217.172.49.89", "213.203.214.130",
>     "81.169.178.215", "212.112.242.89", "85.214.29.234", "213.239.194.175",
>     "85.14.216.207", "84.172.97.158", "82.82.64.68",
>     "195.71.99.214", "80.143.172.132", "217.20.118.52", "217.160.170.132",
>     "84.56.64.207", "213.146.114.96",
>     "81.169.174.124", "88.73.69.206", "84.156.61.231", "84.60.118.102",
>     "88.198.0.177", "129.187.150.131", "85.178.108.140", "217.160.109.40",
>     "85.176.106.4", "84.19.182.23", "62.75.185.15",
>     "84.57.89.186", "81.169.158.102", "83.73.91.126",
>     "62.243.85.164", "85.57.137.206", "63.246.145.70",
>     "85.84.204.128", "84.77.51.149", "85.77.12.12", "80.223.105.208",
>     "85.134.2.139", "82.141.90.19", "80.186.67.109",
>     "85.76.189.225", "193.184.9.66", "84.249.227.96",
>     "84.34.133.217", "82.128.216.214", "85.76.78.8",
>     "84.230.221.101", "212.246.66.120", "80.222.75.74",
>     "217.119.47.6", "82.128.214.254", "144.120.8.219", "81.56.58.94",
>     "213.41.166.51", "82.228.48.220", "213.41.242.132",
>     "82.227.178.224", "81.56.123.123", "81.56.27.175",
>     "86.210.52.95", "82.231.59.44", "83.214.47.135",
>     "82.227.61.106", "82.67.175.80", "82.240.188.187",
>     "82.225.238.47", "88.121.142.36", "82.67.125.23", "81.57.158.21",
>     "82.252.150.50", "212.56.108.4", "86.142.8.187",
>     "84.9.189.25", "83.245.82.184", "81.5.172.97",
>     "195.62.29.176", "217.155.230.230",
>     "85.210.2.142", "193.110.91.7", "62.17.252.166", "62.121.31.116",
>     "83.223.108.108", "87.80.96.52",
>     "213.228.241.143", "83.245.15.87", "150.140.191.102", "218.189.210.17",
>     "203.218.52.238", "195.245.255.11",
>     "212.24.170.230", "213.253.212.106",
>     "193.202.88.3", "62.123.118.106", "212.239.118.83", "143.225.178.7",
>     "84.221.103.103", "88.149.168.74", "151.8.40.35",
>     "82.56.18.50", "194.21.56.6", "82.60.153.158",
>     "159.149.57.14", "62.48.34.110", "84.221.75.14",
>     "59.134.15.153", "60.36.181.86", "219.105.111.74",
>     "83.243.88.133", "137.226.59.249", "217.19.27.52", "82.92.225.162",
>     "194.109.206.212", "131.155.71.110", "83.160.255.58",
>     "82.156.33.125", "62.163.136.55", "192.150.94.242", "62.195.3.242",
>     "212.187.48.185", "194.109.109.109", "193.16.154.187",
>     "80.126.37.100", "195.85.225.145",
>     "192.42.113.248", "80.127.66.162", "82.94.251.206", "137.120.180.65",
>     "137.120.180.50", "195.169.149.45",
>     "81.191.185.124", "80.202.94.130", "80.203.228.236", "84.16.193.140",
>     "80.203.211.14", "128.39.141.245", "60.234.229.82", "200.121.55.151",
>     "203.81.233.127", "193.219.28.245",
>     "83.28.65.161", "217.153.252.4", "82.76.242.24", "80.252.209.6",
>     "62.119.159.118", "85.8.4.206", "83.227.72.118",
>     "213.113.166.221", "83.219.212.101",
>     "85.225.168.113", "213.100.254.179", "85.225.42.22", "82.182.109.115",
>     "217.28.206.143", "213.112.252.71",
>     "213.114.29.49", "194.249.212.110", "195.72.0.6", "203.155.247.31",
>     "65.25.220.178", "67.23.145.190",
>     "68.227.90.101", "70.17.122.103", "209.51.169.86", "70.187.87.248",
>     "70.92.178.34", "68.232.142.96", "24.170.55.120", "154.35.101.77",
>     "64.246.50.101", "24.110.201.24", "68.7.121.40",
>     "147.97.50.171", "68.167.210.203", "18.246.2.33",
>     "68.173.37.136", "72.21.33.202", "72.36.146.118",
>     "207.150.167.67", "149.9.13.22", "71.133.227.217", "216.55.190.201",
>     "68.40.192.5", "12.222.100.156", "216.39.146.25",
>     "64.142.74.86", "63.85.194.6", "216.130.255.201",
>     "146.201.211.64", "69.60.122.49", "24.18.9.231", "18.78.1.38",
>     "70.84.114.153", "208.40.218.144", "64.122.12.107", "65.196.226.32",
>     "24.125.131.99", "154.5.66.241", "65.13.27.20",
>     "204.253.162.11", "129.21.228.88", "70.110.70.238",
>     "137.148.5.13", "144.92.82.21", "216.12.165.46",
>     "64.90.164.74", "208.99.207.139", "68.110.103.159", "64.5.53.220",
>     "168.103.224.74", "75.6.230.66", "72.177.87.57", "24.155.82.33",
>     "68.4.96.114", "72.226.235.186", "66.219.161.166",
>     "128.2.141.33", "209.237.225.10", "216.237.143.47", "68.57.216.138",
>     "68.83.82.92", "206.225.83.5", "66.210.104.251", "216.55.149.21",
>     "69.41.174.196", "131.179.224.133", "128.83.114.63",
>     "216.32.80.75", "66.93.170.242", "199.77.129.53", "64.81.100.208",
>     "65.174.217.58", "69.205.41.136", "160.36.137.37",
>     "208.14.31.5", "24.111.174.178", "66.90.89.162",
>     "154.35.47.59", "68.35.231.249", "208.40.218.131",
>     "208.40.218.136", "64.74.207.50", "70.232.120.165", "66.70.10.53",
>     "141.149.128.197", "209.114.200.129",
>     "154.35.85.17", "208.185.251.121", "68.115.140.133", "18.248.3.82",
>     "24.11.233.143", "128.2.132.175",
>     "70.85.75.42", "66.111.43.137", "140.247.60.64", "216.152.242.200",
>     "68.40.71.110", "206.174.19.25", "69.163.32.140",
>     "24.175.184.12", "71.32.251.76", "24.131.177.71",
>     "207.210.65.130", "24.91.169.157", "68.40.171.66", "71.242.124.82",
>     "18.244.0.188", "18.244.0.114", "18.152.2.242", "64.81.246.230",
>     "149.9.118.34", "64.142.31.83", "24.22.104.31",
>     "24.136.12.209", "64.34.180.99", "68.102.99.221",
>     "69.12.128.32", "69.93.158.203", "66.52.66.26", "149.9.200.187",
>     "64.90.179.108", "70.16.37.14", "64.81.240.144",
>     "70.230.73.20", "18.244.0.188", "71.108.145.137",
>     "65.254.37.163", "71.248.176.151",
>     "65.254.45.211", "66.167.32.85", "72.20.1.166", "68.167.210.150",
>     "66.98.136.49", "65.60.136.107", "67.173.143.46",
>     "209.8.40.177", "24.10.127.243", "69.62.156.11",
>     "140.247.62.64", "68.167.210.88", "68.94.234.105",
>     "24.30.67.89", "140.247.62.119", "68.171.51.78",
>     "65.185.92.216", "68.20.30.211", "12.222.111.115", "65.7.136.249",
>     "18.187.1.68", "138.236.226.221", "24.21.12.194",
>     "70.59.183.168", "69.12.145.165", "128.30.28.19",
>     "24.117.110.24", "69.51.152.43", "134.53.170.128",
>     "198.252.201.22", "209.242.5.54", "64.135.207.45", "154.35.1.8",
>     "206.124.149.146", "82.165.144.169", "24.250.192.233", "69.155.12.77",
>     "216.231.168.178", "70.110.247.138",
>     "66.146.193.33", "65.28.107.89", "24.94.2.121", "130.126.141.153",
>     "71.56.235.157", "72.3.249.87",
>     "68.121.166.117", "74.0.33.114", "149.9.0.21",
>     "134.53.24.52", "38.99.66.86", "216.27.178.157",
>     "66.200.164.250", "168.150.251.36", "66.236.18.180", "66.219.59.183",
>     "154.35.254.172",
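>         NULL
>     };
>     int index = 0;
>     int ast4 = 0;   /* set to 1 when the client address is in the list */
>
>     /* Linear scan of the list for an exact string match. */
>     while (listof33[index] != NULL) {
>         if (strcmp(internetaddress, listof33[index]) == 0) {
>             ast4 = 1;
>             break;
>         }
>         index++;
>     }
>     if (ast4) {
>         /* Log the hit, then refuse the request with a 403. */
>         fprintf(stderr, "TOR EXIT %s ATTEMPTED CONNECT!!!\n", internetaddress);
>         fflush(stderr);
>         return HTTP_FORBIDDEN;
>     } else
>         return DECLINED;
> }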
>
>
>
>
>

--

"Hey Guys, does anyone know what 'poon tang' is?"

-C.S. Dave, July 8, 2K, about 12:30AM

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
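
The script suggested in the reply above, which regenerates `.htaccess` or firewall rules from a current exit-node list instead of compiling the list into a module, sketched as an added example (not code from this thread). It assumes the feed arrives on stdin with one IPv4 address per line; the function names and the `tor_exits` set name are made up for illustration.

```shell
# Added example. Assumed feed format: one IPv4 address per line on stdin.

# Keep only well-formed, de-duplicated dotted quads. Anything else (HTML
# error pages, stray directives) is dropped, so a bad download cannot
# inject arbitrary text into a rule file.
valid_ipv4_lines() {
    tr -d '\r' | awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 1; i <= 4; i++) if ($i > 255) next
            if (!seen[$0]++) print
        }'
}

# Apache 2.4 access-control block for an .htaccess file.
render_htaccess() {
    echo '<RequireAll>'
    echo '    Require all granted'
    valid_ipv4_lines | sed 's/^/    Require not ip /'
    echo '</RequireAll>'
}

# ipset restore script. Load with:  ipset -exist restore < FILE
# Firewall rule: iptables -I INPUT -m set --match-set tor_exits src -j DROP
render_ipset() {
    echo 'create tor_exits hash:ip family inet'
    echo 'flush tor_exits'
    valid_ipv4_lines | sed 's/^/add tor_exits /'
}

# install_rules FORMAT DEST: read the feed on stdin and replace DEST
# atomically. An empty or unparsable feed leaves the old file in place.
install_rules() {
    format=$1; dest=$2
    case $format in htaccess|ipset) ;; *) return 2 ;; esac
    list=$(valid_ipv4_lines)
    if [ -z "$list" ]; then
        echo "no valid addresses in feed; keeping $dest" >&2
        return 1
    fi
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    printf '%s\n' "$list" | "render_$format" > "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$dest"
}

# Constructed sample feed: documentation-range addresses plus junk lines.
SAMPLE_FEED='192.0.2.10
198.51.100.7
192.0.2.10
999.1.1.1
<html>502 Bad Gateway</html>'
```

Run it from cron by piping the downloaded list into `install_rules ipset DEST` or `install_rules htaccess DEST`, where the download URL and `DEST` are yours to choose.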



More information about the tor-talk mailing list