ASA Botnet Filtering - Does it block Tor Exit nodes?
Hello Group. I am looking into methods to block TOR network activity both inbound and outbound. Outbound is pretty straightforward by utilizing IPS and AV signatures. Inbound seems to be a little more involved. Preventing inbound traffic requires blocking all of the TOR exit nodes, which comprise a list of multiple thousands of IPs including a small percentage that are dynamic. Does the ASA Botnet Filter encompass these IPs?
Thanks in advance for any input.
/JT
Hi,
One of the sources that the Botnet traffic filter uses is senderbase.org (it also uses many others), so you can evaluate one of the IP addresses that you know belongs to the TOR network and see what reputation it has (to see if the botnet feature will catch it); but remember that the main idea behind this feature is botnet detection, and I don't think we can qualify this site as a botnet site.
Thanks,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html
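An added example, not part of the thread and not Cisco's code: since the question notes that the exit-node list runs to thousands of addresses and some change, this sketch diffs two snapshots of a one-address-per-line list and emits only the ASA object-group changes. The group name, the protected networks and both sample snapshots are constructed assumptions.

```python
import ipaddress

GROUP = "TOR-EXITS"  # hypothetical object-group name
# Networks that must never be blocked, whatever the feed says (constructed values).
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

# Constructed snapshots of a one-address-per-line exit list (documentation ranges).
PREVIOUS = "203.0.113.7\n203.0.113.9\n192.0.2.44\n"
CURRENT = """# constructed sample
203.0.113.7
192.0.2.44
192.0.2.80
not-an-ip
198.51.100.5
2001:db8::1
203.0.113.7
"""

def parse_exit_list(text):
    """Return the set of usable IPv4 addresses in a one-per-line list."""
    addrs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            continue  # malformed entry: skip rather than emit a broken command
        if ip.version != 4:
            continue  # this sketch handles IPv4 only
        if any(ip in net for net in PROTECTED):
            continue  # a stale or poisoned feed must not block our own ranges
        addrs.add(ip)
    return addrs

def asa_delta(previous, current, group=GROUP):
    """ASA commands that move the object-group from `previous` to `current`."""
    if not current:
        raise ValueError("empty exit list: refusing to remove every entry")
    added, removed = sorted(current - previous), sorted(previous - current)
    if not (added or removed):
        return []
    cmds = [f"object-group network {group}"]
    cmds += [f" network-object host {ip}" for ip in added]
    cmds += [f" no network-object host {ip}" for ip in removed]
    return cmds

if __name__ == "__main__":
    # The group is then referenced once from the inbound ACL (ACL name hypothetical):
    #   access-list OUTSIDE-IN extended deny ip object-group TOR-EXITS any
    print("\n".join(asa_delta(parse_exit_list(PREVIOUS), parse_exit_list(CURRENT))))
```

Emitting a delta instead of rebuilding the group keeps each update small, and the empty-list guard stops a failed download from silently removing every entry.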
Similar Messages
-
Is Skype blocking TOR exit nodes?
Hello everybody,
after contacting the Skype customer support and reading the forums i just have one question.
Is Skype blocking connections to TOR exit nodes?
Yes or No?
We just want an official answer from Skype, this should be possible!
For further information see:
http://community.skype.com/t5/Windows-desktop-client/running-a-tor-exit-node-ipv6-and-natively-bridg...
http://community.skype.com/t5/Windows-desktop-client/TOR-Exit-Node-IP-blocked-From-connecting-with-t...
VarVarnaVarVarna,
Our Community Manager is a man of his word ... patience, please.
Best regards,
Elaine
-
ASA botnet filter vs ips global correlation
Does the global correlation include the data from botnet filter? On Cisco's site it says this on the global correlation:
Customers deploying Cisco IPS can benefit from Global Correlation in multiple ways. First, bad traffic from known sources is stopped immediately. This includes zero-day attacks, for which no traditional threat prevention currently exists, advanced persistent threats (APTs), and botnet command and control traffic
Hello Matt,
Check the following info:
Cisco ASA Botnet Traffic Filter
This paper focuses on how Cisco Security Intelligence Operations relates to botnet threat identification, and its interaction with the Cisco ASA Botnet Traffic Filter. It is important to realize that a comprehensive security deployment should include Cisco Intrusion Prevention Systems (IPS) with its reputation based Global Correlation service and IPS signatures in conjunction with the security services provided by the ASA security appliance such as Botnet Traffic Filter.
So I would say they both provide you security based on databases from the SIO but they will not be equal in their functionalities; that is why Cisco recommends using both when possible.
Regards -
HT4863 How long does a block on sending messages last after exceeding the daily limit ?
I exceeded the limit while restoring my Mac and re-instantiating all my email Filters.
This is a bit of a surprise but, hey, lesson learned.
My question is, how long does this block last for ? Is it lifted automatically after
24 hours or do I need to contact someone at Apple ?
Thanks!
iCloud Camera Roll Backup Size:
Settings > iCloud > Storage & Backup > Manage Storage > (name) iPhone 5S > under Backup Options Camera Roll is 1.7gb
(sorry, I rounded to 2gb for simplicity earlier)
iPhone Camera Roll Backup Size:
Settings > General > Usage > under Storage > Photos & Camera > under Photos & Camera the Camera Roll is 835 kb
(essentially 0 kb, and there are 0 photo/vid under Camera Roll in Photos app) -
Does IP block list Providers protect Public Folders
Hi,
Just a quick question about IP Block List Providers in exchange 2010.
We have Spamhaus setup in the list, we just moved one of our customers over to DNS based mail and they have since been receiving a great deal of spam.
Does IP block list Providers protect Public Folders
with when email is enabled on the folder?
thanks,
Fulton
Have a good day.
Hi, Fultz.
I am not sure if you are using ForeFront (FF) but if you are, you need to configure FF to add the public folders as a scan target for real-time scanning.
http://technet.microsoft.com/en-us/library/cc483020.aspx
Alternately, it seems like a lot of folks use the GFI Mail Essentials for scanning public folders as well.
If these answers are no good to you, that's cool. I recommend that you ask this question on the Exchange forum, located here:
http://social.technet.microsoft.com/Forums/exchange/en-US/home
Good luck!
Best wishes, Davin Mickelson -
I listen to whisperings at solopianoradio.com. This site does not block a log in. I use the app add-on to edit passwords and entered this web site and password. Firefox will still not act on this entered password.
Don't follow what you are saying. Earlier versions of Firefox remembered and placed passwords for solopiano. When Firefox was updated to the latest ver, Firefox stopped placing passwords for solopiano. I reloaded 3.6.18, but it still does not work. I checked with the site operator. He does not know why I have the problem as no one else has reported this problem.
-
Blocksite does not block a bookmarked site
I installed Blocksite to use it to block Facebook on my home computer. It works if I type in the URL in the text box. But, if I click on the bookmark on the toolbar for Facebook that was saved before I downloaded Blocksite, it does not block Facebook. Any suggestions?
[http://support.mozilla.org/en-US/kb/Firefox%20cannot%20load%20websites%20but%20other%20programs%20can#w_firefox-cannot-load-certain-websites Firefox cannot load certain websites]
thank you -
Occasionally my FCP does not save on exit, is it just me?
On some occasions varies, FCP does not save on exit, it just goes. Other times it's polite and says, wanna save ya changes mate?
Yes, there have been changes made cos on re-open the stuff I done has gone!
I do try and save manually as often as I can learning this, and I have auto save on 5 mins.
I just think it's a bit poor on continuity, either don't save on exit or save, rather than giving me the run around.
Does this happen with you guys or just me? Please add your comments
Daz
Sounds like FCP is crashing on exit
I would perform all the usual maintenance procedures:
trash FCP preferences
Disc Warrior
repair permissions -
WRT1900AC does not block internet access in Parental Control
Hi,
My router does not block internet access on my other PC. I tried "Always", tried specific addresses, tried IP addresses and everything tech support suggested. I even replaced the router at their advice. Nothing helped. I realize that the problem is not the router but probably my home network configuration, but I can't figure out what it is. To my defence, neither could they. Does anybody have or had such a problem?
Thank you
What Firmware version is currently loaded?
Can you post screen shots of how you have the controls configured?
Does the User Manual give any configuration help?
Internet Service Provider and Modem Configurations
What ISP Service do you have? Cable or DSL?
What ISP Modem Mfr. and model # do you have?
Router and Wired Configurations
Setup DHCP reserved IP addresses for all devices ON the router. This ensures each device gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting and maintain consistency for applications that need to connect as well as mapped drives. -
Cisco WSA able to block TOR Browser?
hi all,
We have a WSA in the network as a transparent proxy.
Is there a way for WSA to block the use of TOR Browser?
Also is it possible to limit torrent bandwidth too?
Hi Guys,
* Requiring NTLM auth in explicit proxy mode stops it cold - this is
just a missing feature in TOR.
* If you disable auth, or use Basic auth, then requiring that SSL
destinations have server certs signed by known CA's will stop it. (This
works regardless of the decryption reputation, as the WSA always appears
to check this in explicit mode when configured.)
* If you disable the above two methods, the "filter avoidance" URL
category is only effective against the initial "find directory servers"
boot-up. If we miss one, or the client has this info cached from
before, the URL category is not effective.
* Another method that would be effective would be to block all browsing
by IP address; however, this has a pretty good chance of false
positives.
Notice that the above will only work if all egress ports which are not proxied are blocked. TOR will attempt to go outbound on higher ports; if you are not blocking these (eg on the Firewall), it becomes nearly impossible to effectively block TOR. -
Why is it that my ABP does not block the advertisements?
Why is it that my ABP does not block the advertisements?.. because it did not work I removed Firefox.. then downloaded a new one.. which came with an ABP.. I thought it would work but it doesn't work. Someone suggested some kind of subscription and where to find it but it was not there.. please help me if you can.. I had my fill of the ads that I do not want. Thanks for any help, Stan.
== This happened ==
Every time Firefox opened
== within the last three weeks
Most likely you are not getting the default filter subscription, which recently switched to being hosted over https.
Here's the related blog which also has the solution:
http://adblockplus.org/blog/how-do-users-end-up-with-a-misconfigured-certificate-store -
WRT54G v8 firmware that does not block ports?
Hello everyone! Is there a 3rd party firmware for the WRT54G v8 router that does not block ports or has the option to disable port blocking? I would like all ports to be open on all devices in my network. Thank you!
This setting is not recommended because it opens your entire network to attack. Instead, you should selectively open only the ports you need to play your Internet games.
People who open all their ports often get their computers infected with viruses which send out spam. When your ISP sees you sending spam, they will turn off your email, IM, or even disconnect you. -
Why does Mac block flash content and is it a bad idea to install adobe flash
Help me please...Why does Mac block flash content and is it a bad idea to install adobe flash?
http://forums.adobe.com/thread/1195540
-
Individual Drill Filters for each Block
Hello,
Is it possible to have individual Drill Filters for each block of a report in BO XI R2? Suppose I have a Cross tab report and graph in the same report, and I want to apply individual Drill Filters for the Cross Tab Report and Graph. Can we do this in BO XI R2?
You can use for Block1 the objects from the first query only.
For example:
=[Query1].[Region]
and for block2 you use the merged dimension:
=[Region]
If it doesn't work you can try this other way of solving it (check this link):
restrict drill downs in two blocks
Edited by: PadawanGirl on Jan 19, 2011 5:53 PM -
I had access to www.oron.com yesterday.
Did downloading over a few hours.
today I can't get the site to come up.
tried 3 computers.
changed IP address
flushed cookies
however if I connect through a Proxy the site appears.
running win7
broadband opt3
So does BT block this site?
Well, apparently it is not BT that I have restricted the sites but this foundation: http://en.wikipedia.org/wiki/Internet_Watch_Foundation#Of_proxy_server_used_by_ISPs. But I think BT should have known better! As of yesterday I cannot access any of these sites:
www.depositefiles.com
www.oron.com
www.megaupload.com
www.filesonic.com
www.stooorage.com
It seems that the IWF took the view that these web sites were hosting dangerous contents! I am paying £25 a month for an unlimited download and I can't download jack! Unless BT sort themselves out with the IWF I will leave. This is ridiculous! By the way, I have friends on 02 broadband and they have the same issues as many UK ISP providers are using the IWF proxy servers!