How to block Tor Traffic
Blocking Tor IPs is pretty straightforward. I'll give you a step-by-step process to follow to block Tor IPs, but before that I'll give you a brief description of how the Tor network works.
Tor is a network of relays/servers. When you connect to a website through Tor, your traffic goes through these relays. Your computer knows about the first relay it's connected to, and the website you're connecting to knows about the last relay. These relays are other people's computers; they install the software and become relays.
The exit relay is the last relay that your data goes through before the request is sent to the site you're trying to connect to. ALL THESE EXIT RELAY IPs ARE PUBLISHED.
To detect a Tor IP, all you need to do is check whether the IP connecting to your server matches any IP in that Tor exit relay list. If it does match, it's coming off a Tor exit relay.
For example, here's a Tor relay: https://globe.torproject.org/#/relay/1C90D3AEADFF3BCD079810632C8B85637924A58E. Its IP address is 62.210.82.44, which means that if you query the relay database with that IP you should get a positive response back with some data. If it returns a negative response, it's not a Tor IP address.
Let's get practical. Visit this website, put in a random IP address (you can put in yours too) and press enter: https://check.torproject.org/cgi-bin/TorBulkExitList.py
It will show the list of exit nodes that are allowed to connect to your computer/server. Generally you'd send your server's IP address and port to this website, and it will show you the list of exit relays that can connect to your server. Then just iterate through these IPs and check whether the suspicious IP address trying to connect to your server exists in that list. If it does, it's a Tor computer's address.
Here's an example:
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=IP_ADDRESS&port=PORT_NUMBER
Example with info:
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=216.239.34.10&port=80
That said, do make sure that you aren't blocking legitimate users. Someone using the Tor network isn't automatically an abuser. It's also important to keep in mind that someone could be using their PC to connect to your website in the normal way while also using the same IP for Tor, meaning that if you query their IP against the Tor relay IPs it will come back as a Tor IP even though the user is visiting your site without going through Tor relays.
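The check from the steps above, as an added example that is not part of the original post: it parses a saved copy of the exit list, normalizes client addresses (including IPv4-mapped IPv6 forms, which a dual-stack server may log) and flags matching requests rather than dropping them, in line with the caveat about legitimate users. The sample list, its assumed layout (`#` comment lines, then one IP per line), the request tuples and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of an exit list response, assumed to be '#' comment lines
# followed by one exit IP per line. 62.210.82.44 is the relay IP quoted in the
# post; the other addresses are documentation-range placeholders.
SAMPLE_EXIT_LIST = """\
# Constructed sample: exits allowed to reach 216.239.34.10:80
62.210.82.44
192.0.2.17
198.51.100.23
not-an-ip
"""

def normalize(addr):
    """Return a canonical address, unwrapping IPv4-mapped IPv6; None if invalid."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def parse_exit_list(text):
    """Build a set of exit addresses, skipping comments, blanks and junk lines."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip = normalize(line)
        if ip is not None:
            exits.add(ip)
    return exits

def is_tor_exit(client_addr, exits):
    """True if the client address matches a listed exit relay."""
    ip = normalize(client_addr)
    return ip is not None and ip in exits

def flag_requests(requests, exits):
    """Tag each (client_ip, path) with a Tor flag instead of dropping it outright."""
    return [(ip, path, is_tor_exit(ip, exits)) for ip, path in requests]

if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    constructed = [("62.210.82.44", "/login"), ("::ffff:192.0.2.17", "/"), ("203.0.113.9", "/")]
    for row in flag_requests(constructed, exits):
        print(row)
```

Loading the list into a set once and refreshing it periodically keeps each per-request lookup constant-time and avoids querying the list service on every connection.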