03-24-2017 03:46 AM - edited 03-12-2019 06:20 AM
Is it possible to determine users that connect to my services by proxy, vpn tunnels or TOR?
I know that IS can block by tor_exit_node, but I need only to determine.
Also I see that SFR can to determine applications like proxy and vpn, but it's not clear how to use it.
Who as defines such things?
03-27-2017 11:31 AM
It's unclear what you want to achieve. Can you refine your question? The sensors can detect user logins through some type of protocols, but I believe you want to achieve something else...
03-27-2017 09:06 PM
Sorry, I just want to see who comes to my sites via VPN or proxy, etc.
03-28-2017 03:03 AM
I haven't tried, but you can try to add the lists on Whitelist, deploy the policy and then check in Table View of Connection Events, Security Intelligence Category.
03-27-2017 04:04 PM
Hi,
There are security intelligence objects for Tor exit nodes. Once you enable them in the security rules for blocking or alerting any user traffic accessing the Tor exit nodes there will be an event generated for the same.
Hope this is what you are looking for.
03-27-2017 09:05 PM
1) This does not work very well. I tried to go to my services trough TOR many times and all times it worked, my sites were opened.
2) I do not need to block them, I need to know them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide