Date: Sat Jun 3 05:47:46 2006
From: str0ke at milw0rm.com (str0ke)
Subject: Tool Release - Tor Blocker

Umm what about the new ip addresses that are added to the tor network?

http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1

This wouldn't really be a complete fix.

/str0ke

On 6/2/06, Jason Areff <hailtheczar@...il.com> wrote:
> It has come to our attention that the majority of tor users are not actually
> from china but are rather malicious hackers that (ab)use it to keep their
> anonymity. We have released a tool to stop users from utilizing this tool to
> protect their identity from prosecution by a designated systems
> administrator. Otherwise this puts the administrator in responsibility for
> any malicious actions caused by said user. Forensics is left with a tor exit
> node.
>
> Recently our servers were hacked by a tor user and we were unable to
> prosecute due to not being able to trace the source as the user was using
> this malicious piece of software to keep his/her anonymity.
>
> To mitigate most tor attackers we've written an apache module designed to
> give tor users a 403 error when visiting a specific website. We suggest all
> administrators who do not wish a malicious tor user to visit and possibly
> deface their website to enable the usage of this module. This may not get
> all attackers, but hopefully it raises the security bar just a little bit
> more to safeguard ourselves from hackers.
>
> Thanks.
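/*
 * MOD_DETOR
 *
 * Apache 2 module from the quoted message, which was signed
 *   Jason Areff
 *   CISSP, A+, MCSE, Security+
 *   ----------
 *   security through obscurity isnt security
 *   ----------
 * and introduced the listing with "CODE:".
 *
 * What it does: a handler hook compares the connection's peer address with a
 * hard-coded list of Tor exit addresses and answers 403 on an exact match.
 *
 * Review notes for anyone deploying something like this:
 *  - The list is a compile-time snapshot.  Exits that appear later are not
 *    matched, and addresses that stop being exits stay blocked until the
 *    module is rebuilt, so this is a partial control at best.
 *  - Matching is an exact string compare on the dotted-quad text.  Many
 *    entries in the listing as posted carried a stray leading or trailing
 *    space inside the quotes and could never match; they are trimmed here.
 *  - The listing as posted did not compile: it read `con->remote_ip` although
 *    the variable is named `connection`, and `int index = 0` had no
 *    semicolon.  strcmp/fprintf were also used without their headers.
 *  - `remote_ip` is the address of the TCP peer.  Behind a reverse proxy or
 *    load balancer that is the proxy, not the client.  httpd 2.4 renamed the
 *    field to `client_ip`; this listing targets the 2.0/2.2 layout.
 *  - A 403 here denies access only; it gives no attribution, and the block
 *    list itself needs the same review as any other access-control data.
 */
//blocks tor users from apache 2 server

#include <stdio.h>
#include <string.h>

#include "http_config.h"
#include "httpd.h"

static void mod_detor_register_hooks(apr_pool_t *p);
int mod_detor_method_handler(request_rec *rec);

/* Module record: no per-dir/per-server config and no directives, hooks only. */
module AP_MODULE_DECLARE_DATA detor_module = {
    STANDARD20_MODULE_STUFF,
    NULL,                     /* create per-directory config */
    NULL,                     /* merge per-directory config */
    NULL,                     /* create per-server config */
    NULL,                     /* merge per-server config */
    NULL,                     /* command table */
    mod_detor_register_hooks
};

/* Registers the address check as a handler that runs ahead of other handlers. */
static void mod_detor_register_hooks(apr_pool_t *p)
{
    (void)p; /* the pool is not needed for hook registration here */
    ap_hook_handler(mod_detor_method_handler, NULL, NULL, APR_HOOK_FIRST);
}

/*
 * Handler hook: deny the request when the peer address is on the list.
 *
 * rec      request being processed; only rec->connection->remote_ip is read.
 * returns  HTTP_FORBIDDEN on an exact match, DECLINED otherwise so that the
 *          remaining handlers serve the request as usual.
 */
int mod_detor_method_handler(request_rec *rec)
{
    /*
     * static const: the table is built once instead of being copied onto the
     * stack for every request.  Entries are in the order posted, duplicates
     * included; only the whitespace inside the quotes was removed.
     */
    static const char *const listof33[] = {
        "62.178.28.11", "83.65.91.110", "86.59.21.38", "202.173.141.155",
        "69.70.237.137", "209.172.34.176", "66.11.179.38", "216.239.78.246",
        "198.161.91.196", "72.0.207.216", "139.142.184.213", "64.229.250.110",
        "72.60.167.126", "24.36.132.185", "70.68.168.93", "84.73.12.12",
        "80.242.195.68", "84.72.104.77", "62.2.174.20", "211.94.188.225",
        "166.111.249.39", "218.58.83.2", "218.72.40.145", "219.142.175.208",
        "222.28.80.131", "147.251.52.140", "81.0.225.179", "213.220.233.15",
        "85.178.229.8", "84.58.246.2", "80.143.198.147", "80.190.241.118",
        "89.52.64.107", "85.214.38.21", "81.169.130.130", "83.171.170.169",
        "62.75.129.201", "217.160.177.118", "213.61.151.217", "89.58.21.142",
        "217.172.187.46", "81.169.136.161", "213.239.202.232", "62.75.222.205",
        "84.16.234.153", "212.12.60.181", "84.167.55.157", "62.75.171.154",
        "85.25.132.119", "217.190.228.18", "212.112.231.83", "213.133.99.185",
        "85.176.201.130", "212.112.241.137", "131.188.185.41", "84.175.229.31",
        "217.187.160.148", "87.123.81.89", "212.112.235.83", "213.39.133.132",
        "85.176.92.87", "212.114.250.252", "217.160.220.28", "213.239.211.148",
        "217.20.117.240", "80.190.250.139", "212.112.241.159", "217.224.170.117",
        "212.112.242.21", "212.112.228.2", "217.160.108.109", "81.169.176.178",
        "212.99.205.46", "85.31.186.86", "85.10.240.250", "84.141.183.62",
        "84.56.199.101", "87.106.2.7", "217.160.142.69", "84.163.168.232",
        "213.239.217.146", "84.177.160.152", "62.75.151.195", "81.169.176.135",
        "85.214.29.61", "85.179.0.63", "85.31.187.90", "212.202.233.2",
        "134.130.58.205", "81.169.132.19", "212.88.142.147", "212.168.190.8",
        "141.76.46.90", "80.237.203.179", "193.28.225.8", "88.198.253.18",
        "85.214.44.126", "217.160.95.117", "62.75.149.130", "84.44.156.17",
        "81.169.180.180", "85.14.216.20", "80.190.242.122", "212.112.242.159",
        "84.16.235.143", "80.237.160.201", "83.171.188.170", "217.84.3.39",
        "80.190.251.24", "87.123.114.110", "194.95.224.201", "80.244.242.127",
        "87.106.34.45", "87.122.3.11", "83.171.173.229", "85.10.194.117",
        "217.160.132.150", "217.79.181.118", "212.60.156.94", "213.239.212.45",
        "62.75.240.77", "217.172.183.219", "85.16.8.132", "85.14.220.126",
        "84.184.85.208", "85.31.186.61", "217.172.49.89", "213.203.214.130",
        "81.169.178.215", "212.112.242.89", "85.214.29.234", "213.239.194.175",
        "85.14.216.207", "84.172.97.158", "82.82.64.68", "195.71.99.214",
        "80.143.172.132", "217.20.118.52", "217.160.170.132", "84.56.64.207",
        "213.146.114.96", "81.169.174.124", "88.73.69.206", "84.156.61.231",
        "84.60.118.102", "88.198.0.177", "129.187.150.131", "85.178.108.140",
        "217.160.109.40", "85.176.106.4", "84.19.182.23", "62.75.185.15",
        "84.57.89.186", "81.169.158.102", "83.73.91.126", "62.243.85.164",
        "85.57.137.206", "63.246.145.70", "85.84.204.128", "84.77.51.149",
        "85.77.12.12", "80.223.105.208", "85.134.2.139", "82.141.90.19",
        "80.186.67.109", "85.76.189.225", "193.184.9.66", "84.249.227.96",
        "84.34.133.217", "82.128.216.214", "85.76.78.8", "84.230.221.101",
        "212.246.66.120", "80.222.75.74", "217.119.47.6", "82.128.214.254",
        "144.120.8.219", "81.56.58.94", "213.41.166.51", "82.228.48.220",
        "213.41.242.132", "82.227.178.224", "81.56.123.123", "81.56.27.175",
        "86.210.52.95", "82.231.59.44", "83.214.47.135", "82.227.61.106",
        "82.67.175.80", "82.240.188.187", "82.225.238.47", "88.121.142.36",
        "82.67.125.23", "81.57.158.21", "82.252.150.50", "212.56.108.4",
        "86.142.8.187", "84.9.189.25", "83.245.82.184", "81.5.172.97",
        "195.62.29.176", "217.155.230.230", "85.210.2.142", "193.110.91.7",
        "62.17.252.166", "62.121.31.116", "83.223.108.108", "87.80.96.52",
        "213.228.241.143", "83.245.15.87", "150.140.191.102", "218.189.210.17",
        "203.218.52.238", "195.245.255.11", "212.24.170.230", "213.253.212.106",
        "193.202.88.3", "62.123.118.106", "212.239.118.83", "143.225.178.7",
        "84.221.103.103", "88.149.168.74", "151.8.40.35", "82.56.18.50",
        "194.21.56.6", "82.60.153.158", "159.149.57.14", "62.48.34.110",
        "84.221.75.14", "59.134.15.153", "60.36.181.86", "219.105.111.74",
        "83.243.88.133", "137.226.59.249", "217.19.27.52", "82.92.225.162",
        "194.109.206.212", "131.155.71.110", "83.160.255.58", "82.156.33.125",
        "62.163.136.55", "192.150.94.242", "62.195.3.242", "212.187.48.185",
        "194.109.109.109", "193.16.154.187", "80.126.37.100", "195.85.225.145",
        "192.42.113.248", "80.127.66.162", "82.94.251.206", "137.120.180.65",
        "137.120.180.50", "195.169.149.45", "81.191.185.124", "80.202.94.130",
        "80.203.228.236", "84.16.193.140", "80.203.211.14", "128.39.141.245",
        "60.234.229.82", "200.121.55.151", "203.81.233.127", "193.219.28.245",
        "83.28.65.161", "217.153.252.4", "82.76.242.24", "80.252.209.6",
        "62.119.159.118", "85.8.4.206", "83.227.72.118", "213.113.166.221",
        "83.219.212.101", "85.225.168.113", "213.100.254.179", "85.225.42.22",
        "82.182.109.115", "217.28.206.143", "213.112.252.71", "213.114.29.49",
        "194.249.212.110", "195.72.0.6", "203.155.247.31", "65.25.220.178",
        "67.23.145.190", "68.227.90.101", "70.17.122.103", "209.51.169.86",
        "70.187.87.248", "70.92.178.34", "68.232.142.96", "24.170.55.120",
        "154.35.101.77", "64.246.50.101", "24.110.201.24", "68.7.121.40",
        "147.97.50.171", "68.167.210.203", "18.246.2.33", "68.173.37.136",
        "72.21.33.202", "72.36.146.118", "207.150.167.67", "149.9.13.22",
        "71.133.227.217", "216.55.190.201", "68.40.192.5", "12.222.100.156",
        "216.39.146.25", "64.142.74.86", "63.85.194.6", "216.130.255.201",
        "146.201.211.64", "69.60.122.49", "24.18.9.231", "18.78.1.38",
        "70.84.114.153", "208.40.218.144", "64.122.12.107", "65.196.226.32",
        "24.125.131.99", "154.5.66.241", "65.13.27.20", "204.253.162.11",
        "129.21.228.88", "70.110.70.238", "137.148.5.13", "144.92.82.21",
        "216.12.165.46", "64.90.164.74", "208.99.207.139", "68.110.103.159",
        "64.5.53.220", "168.103.224.74", "75.6.230.66", "72.177.87.57",
        "24.155.82.33", "68.4.96.114", "72.226.235.186", "66.219.161.166",
        "128.2.141.33", "209.237.225.10", "216.237.143.47", "68.57.216.138",
        "68.83.82.92", "206.225.83.5", "66.210.104.251", "216.55.149.21",
        "69.41.174.196", "131.179.224.133", "128.83.114.63", "216.32.80.75",
        "66.93.170.242", "199.77.129.53", "64.81.100.208", "65.174.217.58",
        "69.205.41.136", "160.36.137.37", "208.14.31.5", "24.111.174.178",
        "66.90.89.162", "154.35.47.59", "68.35.231.249", "208.40.218.131",
        "208.40.218.136", "64.74.207.50", "70.232.120.165", "66.70.10.53",
        "141.149.128.197", "209.114.200.129", "154.35.85.17", "208.185.251.121",
        "68.115.140.133", "18.248.3.82", "24.11.233.143", "128.2.132.175",
        "70.85.75.42", "66.111.43.137", "140.247.60.64", "216.152.242.200",
        "68.40.71.110", "206.174.19.25", "69.163.32.140", "24.175.184.12",
        "71.32.251.76", "24.131.177.71", "207.210.65.130", "24.91.169.157",
        "68.40.171.66", "71.242.124.82", "18.244.0.188", "18.244.0.114",
        "18.152.2.242", "64.81.246.230", "149.9.118.34", "64.142.31.83",
        "24.22.104.31", "24.136.12.209", "64.34.180.99", "68.102.99.221",
        "69.12.128.32", "69.93.158.203", "66.52.66.26", "149.9.200.187",
        "64.90.179.108", "70.16.37.14", "64.81.240.144", "70.230.73.20",
        "18.244.0.188", "71.108.145.137", "65.254.37.163", "71.248.176.151",
        "65.254.45.211", "66.167.32.85", "72.20.1.166", "68.167.210.150",
        "66.98.136.49", "65.60.136.107", "67.173.143.46", "209.8.40.177",
        "24.10.127.243", "69.62.156.11", "140.247.62.64", "68.167.210.88",
        "68.94.234.105", "24.30.67.89", "140.247.62.119", "68.171.51.78",
        "65.185.92.216", "68.20.30.211", "12.222.111.115", "65.7.136.249",
        "18.187.1.68", "138.236.226.221", "24.21.12.194", "70.59.183.168",
        "69.12.145.165", "128.30.28.19", "24.117.110.24", "69.51.152.43",
        "134.53.170.128", "198.252.201.22", "209.242.5.54", "64.135.207.45",
        "154.35.1.8", "206.124.149.146", "82.165.144.169", "24.250.192.233",
        "69.155.12.77", "216.231.168.178", "70.110.247.138", "66.146.193.33",
        "65.28.107.89", "24.94.2.121", "130.126.141.153", "71.56.235.157",
        "72.3.249.87", "68.121.166.117", "74.0.33.114", "149.9.0.21",
        "134.53.24.52", "38.99.66.86", "216.27.178.157", "66.200.164.250",
        "168.150.251.36", "66.236.18.180", "66.219.59.183", "154.35.254.172",
        NULL
    };

    conn_rec *connection = rec->connection;
    const char *internetaddress = connection->remote_ip;

    /* Nothing to compare against: let the other handlers run. */
    if (internetaddress == NULL) {
        return DECLINED;
    }

    for (size_t index = 0; listof33[index] != NULL; index++) {
        if (strcmp(internetaddress, listof33[index]) == 0) {
            /* The address is passed as a %s argument, never as the format. */
            fprintf(stderr, "TOR EXIT %s ATTEMPTED CONNECT!!!\n", internetaddress);
            fflush(stderr);
            return HTTP_FORBIDDEN;
        }
    }

    return DECLINED;
}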