Re: AW: [squid-users] block TOR

From: Carlos Manuel Trepeu Pupo <charlie.mtp_at_gmail.com>
Date: Mon, 5 Dec 2011 10:27:54 -0500

I want to block the Tor traffic because my clients use it to jump my
rules about the blocked sites. In my firewall it's a little more
difficult to refresh the nodes that I want to block.

Jenny said that he/she can't establish a connection to the TOR net
across squid, but I can't see the problem; using CONNECT and port 443
is all the client needs !!!

I'm waiting for you guys !!!

On Sun, Dec 4, 2011 at 1:50 AM, Jenny Lee <bodycare_5_at_live.com> wrote:
>
> Judging from "dst" acl, ultrasurf traffic and all in this thread, this is talking about outgoing traffic to Tor via squid.
>
> Why would anyone want to block Tor traffic to his/her webserver (if this is not an ecommerce site)? If it was an ecommerce site, they would know what to do already and not ask this question here. Tor exits are made available daily and the firewall is the place to drop them.
>
> I still want to hear what OP would say.
>
> Jenny
>
>
>
>
>> From: amuelle1_at_gmx.de
>> To: squid-users_at_squid-cache.org
>> Date: Sun, 4 Dec 2011 00:39:01 +0100
>> Subject: AW: [squid-users] block TOR
>>
>> The question is which Tor traffic should be blocked. Outgoing client
>> traffic to the Tor network or incoming httpd requests from Tor exit nodes?
>>
>> Andreas
>>
>> -----Original Message-----
>> From: Jenny Lee [mailto:bodycare_5_at_live.com]
>> Sent: Sunday, 4 December 2011 00:09
>> To: charlie.mtp_at_gmail.com; leolistas_at_solutti.com.br
>> Cc: squid-users_at_squid-cache.org
>> Subject: RE: [squid-users] block TOR
>>
>>
>> I don't understand how you are managing to have anything to do with Tor to
>> start with.
>>
>> Tor is speaking SOCKS5. You need Polipo to speak HTTP on the client side and
>> SOCKS on the server side.
>>
>> I have actively tried to connect to 2 of our SOCKS5 machines (and Tor) via
>> my Squid and I could not succeed. I have even tried Amos' custom squid with
>> SOCKS support and still failed.
>>
>> Can someone explain to me as to how you are connecting to Tor with squid
>> (and consequently having a need to block it)?
>>
>> Jenny
>>
>>
>> > Date: Sat, 3 Dec 2011 16:37:05 -0500
>> > Subject: Re: [squid-users] block TOR
>> > From: charlie.mtp_at_gmail.com
>> > To: leolistas_at_solutti.com.br
>> > CC: bodycare_5_at_live.com; squid-users_at_squid-cache.org
>> >
>> > Sorry for reopening an old post, but a few days ago I tried this
>> > solution, and ..... like magic, all traffic to the Tor net is
>> > blocked, just by typing this:
>> > acl tor dst "/etc/squid3/tor"
>> > http_access deny tor
>> > where /etc/squid3/tor is the file that I downloaded from the page you
>> > people recommended to me !!!
>> >
>> > Thanks a lot, this is something that a lot of admins I know are
>> > searching for; you should put it somewhere where it is easy to find !!!
>> > Thanks again !!
>> >
>> > Sorry for my english
>> >
>> > On Fri, Nov 18, 2011 at 4:17 PM, Carlos Manuel Trepeu Pupo
>> > <charlie.mtp_at_gmail.com> wrote:
>> > > Thanks a lot, I'm gonna make that script to refresh the list. You've
>> > > been a lot of help.
>> > >
>> > > On Fri, Nov 18, 2011 at 3:39 PM, Leonardo Rodrigues
>> > > <leolistas_at_solutti.com.br> wrote:
>> > >>
>> > >> I don't know if this is valid for TOR ... but at least Ultrasurf,
>> > >> which I have analyzed a bit further, encapsulates traffic over
>> > >> squid always using the CONNECT method and connecting to an IP address.
>> > >> It's basically different from normal HTTPS traffic, which also uses
>> > >> the CONNECT method but almost always (I have found 2-3 exceptions in some
>> > >> years) connects to a FQDN.
>> > >>
>> > >> So, at least with Ultrasurf, I could handle it over squid simply by
>> > >> blocking CONNECT connections which try to connect to an IP
>> > >> address instead of a FQDN.
>> > >>
>> > >> Of course, Ultrasurf (and I suppose TOR) tries to encapsulate
>> > >> traffic to the browser-configured proxy as a last resort. If it finds
>> > >> a NAT-opened network, it will always try to go direct instead of
>> > >> through the proxy. So, it's mandatory that you do NOT have a
>> > >> NAT-opened network, especially on ports TCP/80 and TCP/443. If you
>> > >> have those ports opened with your NAT rules, then I really think
>> > >> you'll never get rid of those services, like TOR and Ultrasurf.
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> On 18/11/11 14:03, Carlos Manuel Trepeu Pupo wrote:
>> > >>>
>> > >>> So, like I see, we (the admin) have no way to block it !!
>> > >>>
>> > >>> On Thu, Sep 29, 2011 at 3:30 PM, Jenny Lee<bodycare_5_at_live.com> wrote:
>> > >>>>
>> > >>>>> Date: Thu, 29 Sep 2011 11:24:55 -0400
>> > >>>>> From: charlie.mtp_at_gmail.com
>> > >>>>> To: squid-users_at_squid-cache.org
>> > >>>>> Subject: [squid-users] block TOR
>> > >>>>>
>> > >>>>> Is there any way to block TOR with my Squid ?
>> > >>>>
>> > >>>> How do you get it working with tor in the first place?
>> > >>>>
>> > >>>> I really tried for one of our users. Even used Amos's custom
>> > >>>> squid with SOCKS option but no go.
>> > >>>>
>> > >>>> Jenny
>> > >>
>> > >>
>> > >> --
>> > >>
>> > >>
>> > >> Sincerely,
>> > >> Leonardo Rodrigues
>> > >> Solutti Tecnologia
>> > >> http://www.solutti.com.br
>> > >>
>> > >> My SPAM trap, do NOT send email to gertrudes_at_solutti.com.br
>> > >>
>> > >>
>> > >>
>> > >>
>> > >>
>>
>>
Received on Mon Dec 05 2011 - 15:28:03 MST
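
Added example, not part of the original thread: the observation quoted above (tunnelling tools CONNECT to a bare IP address, while ordinary HTTPS almost always CONNECTs to a FQDN) applied as a check over Squid's native access.log format. The log lines are constructed samples and the function names are illustrative.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log layout (not from the thread).
SAMPLE_LOG = """\
1323098874.101    812 192.168.1.20 TCP_MISS/200 5321 CONNECT mail.example.com:443 - DIRECT/198.51.100.10 -
1323098875.440  60213 192.168.1.31 TCP_MISS/200 91822 CONNECT 203.0.113.7:443 - DIRECT/203.0.113.7 -
1323098876.002     95 192.168.1.20 TCP_MISS/200 1840 GET http://www.example.org/ - DIRECT/198.51.100.22 text/html
1323098877.913  45120 192.168.1.31 TCP_MISS/200 40411 CONNECT [2001:db8::5]:9001 - DIRECT/2001:db8::5 -
1323098878.250      0 192.168.1.44 TCP_DENIED/403 3630 CONNECT 203.0.113.99:443 - NONE/- text/html
truncated line
"""

def connect_target(line):
    """Return (client, host, port) for a CONNECT entry, or None for anything else."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    # For CONNECT the URL field is host:port; IPv6 literals are bracketed.
    host, sep, port = fields[6].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return fields[2], host.strip("[]"), int(port)

def is_ip_literal(host):
    """True when the CONNECT target is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def ip_connects(log_text):
    """List (client, host, port, squid_result) for every CONNECT aimed at a raw IP."""
    hits = []
    for line in log_text.splitlines():
        target = connect_target(line)
        if target and is_ip_literal(target[1]):
            hits.append(target + (line.split()[3],))
    return hits

def clients_by_count(hits):
    """Rank internal clients by how many raw-IP CONNECTs they issued."""
    return Counter(client for client, *_ in hits).most_common()

if __name__ == "__main__":
    for hit in ip_connects(SAMPLE_LOG):
        print(hit)
    print(clients_by_count(ip_connects(SAMPLE_LOG)))
```

The squid result field distinguishes tunnels that were allowed (TCP_MISS/200) from ones an ACL already refused (TCP_DENIED/403), so the same report shows whether a deny rule is taking effect.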

This archive was generated by hypermail 2.2.0 : Tue Dec 06 2011 - 12:00:03 MST