ASA Botnet Filtering - Does it block Tor Exit nodes?
07-01-2013 06:37 AM - edited 03-11-2019 07:05 PM
Hello Group. I am looking into methods to block TOR network activity both inbound and outbound. Outbound is pretty straightforward by utilizing IPS and AV signatures. Inbound seems to be a little more involved. Preventing inbound traffic requires blocking all of the TOR exit nodes, which comprise a list of multiple thousands of IPs, including a small percentage that are dynamic. Does the ASA Botnet Filter encompass these IPs?
Thanks in advance for any input.
/JT
Labels: NGFW Firewalls
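The list-maintenance problem raised in the question above, as an added example that is not part of the original thread: it diffs two snapshots of an exit-node list and emits only the incremental ASA `object-group` changes, so dynamic addresses are added and aged out without rebuilding the group. The object-group name, the ACL name and the one-IPv4-address-per-line input format are assumptions, and the sample lists are constructed from RFC 5737 documentation addresses.

```python
import ipaddress

GROUP = "TOR-EXIT-NODES"  # hypothetical object-group name
ACL = "OUTSIDE_IN"        # hypothetical ACL bound inbound on the outside interface
# Ranges that must never be blocked, even if a bad feed lists them.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_exit_list(text):
    """Return the set of usable IPv4 addresses from a one-per-line list."""
    addrs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        try:
            ip = ipaddress.IPv4Address(line)
        except ipaddress.AddressValueError:
            continue  # malformed entry or non-IPv4: skip it
        if any(ip in net for net in PROTECTED):
            continue  # refuse to block internal or loopback space
        addrs.add(ip)
    return addrs

def asa_delta(old, new):
    """Config lines that move the object-group from `old` to `new`."""
    add, drop = sorted(new - old), sorted(old - new)
    if not add and not drop:
        return []
    lines = [f"object-group network {GROUP}"]
    # Additions are emitted first so the group is never left empty mid-update.
    lines += [f" network-object host {ip}" for ip in add]
    lines += [f" no network-object host {ip}" for ip in drop]
    return lines

def asa_initial(addrs):
    """First-time config: populate the group, then deny it inbound."""
    return asa_delta(set(), addrs) + [
        f"access-list {ACL} extended deny ip object-group {GROUP} any"]

# Constructed sample snapshots (RFC 5737 documentation addresses).
YESTERDAY = "# constructed sample\n192.0.2.10\n198.51.100.7\n203.0.113.99\n"
TODAY = "192.0.2.10\n203.0.113.99\n203.0.113.150\n10.1.1.1\nnot-an-ip\n"

if __name__ == "__main__":
    print("\n".join(asa_initial(parse_exit_list(YESTERDAY))))
    print("\n".join(asa_delta(parse_exit_list(YESTERDAY), parse_exit_list(TODAY))))
```

The deny entry has to sit above any permit lines in the inbound ACL that would otherwise match the same traffic.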
07-02-2013 04:24 PM
Hi,
One of the sources that the Botnet Traffic Filter uses is senderbase.org (it also uses many others), so you can evaluate one of the IP addresses that you know belongs to the TOR network and see what reputation it has (to see if the botnet feature will catch it). But remember that the main idea behind this feature is botnet detection, and I don't think we can qualify this site as a botnet site.
Thanks,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
10-19-2014 06:50 PM
My way to block Tor is this:
http://nbctcp.wordpress.com/2014/10/20/blocking-tor-browser-in-cisco-asa-5505/
