Re: [Full-disclosure] Tool Release - Tor Blocker

You could add exit nodes to the C module and re-insert it. Or you could
convert it to perl and have it rip the IPs off of that site. This is version
1 of our tool release.


Jason Areff
CISSP, A+, MCSE, Security+


----------
security through obscurity isnt security
----------


On 6/3/06, str0ke <str0ke@milw0rm.com> wrote:
> Umm what about the new ip addresses that are added to the tor network?
>
> http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1
>
> This wouldn't really be a complete fix.
>
> /str0ke
>
> On 6/2/06, Jason Areff <hailtheczar@gmail.com> wrote:
> > It has come to our attention that the majority of tor users are not
> actually
> > from china but are rather malicious hackers that (ab)use it to keep
> their
> > anonymity. We have released a tool to stop users from utilizing this
> tool to
> > protect their identity from prosecution by a designated systems
> > administrator. Otherwise this puts the administrator in responsibility
> for
> > any malicious actions caused by said user. Forensics is left with a tor
> exit
> > node.
> >
> >
> >  Recently our servers were hacked by a tor user and we were unable to
> > prosecute due to not being able to trace the source as the user was
> using
> > this malicious piece of software to keep his/her anonymity.
> >
> >
> >  To mitigate most tor attackers we've written an apache module designed
> to
> > give tor users a 403 error when visiting a specific website.  We suggest
> all
> > administrators whom do not wish a malicious tor user to visit and
> possibly
> > deface their website to enable the usage of this module. This may not
> get
> > all attackers, but hopefully it raises the security bar just a little
> bit
> > more to safeguard ourselves from hackers.
> >
> >  Thanks.
> >
> >  Jason Areff
> >  CISSP, A+, MCSE, Security+
> >
> >
> >  ----------
> >  security through obscurity isnt security
> >  ----------
> >
> >
> >
> > CODE:
> >
> >
> >
> >
> >
> > /* MOD_DETOR
> > */
> >   //blocks tor users from apache 2 server
> >
> > #include "http_config.h"
> > #include "httpd.h"
> > static void mod_detor_register_hooks(apr_pool_t *p);
> > int mod_detor_method_handler(request_rec *rec);
> >
> > module AP_MODULE_DECLARE_DATA detor_module = {
> > STANDARD20_MODULE_STUFF,NULL, NULL, NULL, NULL, NULL,
> > mod_detor_register_hooks };
> >
> > static void mod_detor_register_hooks(apr_pool_t *p) {
> >     ap_hook_handler (mod_detor_method_handler, NULL, NULL,
> APR_HOOK_FIRST);}
> > int mod_detor_method_handler (request_rec * rec) {
> >
> > conn_rec *connection = rec->connection;
> > const char *internetaddress = con->remote_ip;
> > char *listof33[] = {
> > "62.178.28.11", "83.65.91.110", "86.59.21.38", " 202.173.141.155",
> > "69.70.237.137", "209.172.34.176", "66.11.179.38", " 216.239.78.246",
> > "198.161.91.196", "72.0.207.216", " 139.142.184.213", "64.229.250.110",
> > "72.60.167.126", "24.36.132.185", " 70.68.168.93", "84.73.12.12",
> > "80.242.195.68", "84.72.104.77 ", "62.2.174.20", "211.94.188.225",
> > "166.111.249.39", " 218.58.83.2", "218.72.40.145", "219.142.175.208",
> > "222.28.80.131", " 147.251.52.140", "81.0.225.179", "213.220.233.15",
> > " 85.178.229.8", "84.58.246.2", "80.143.198.147", "80.190.241.118",
> > " 89.52.64.107", "85.214.38.21", "81.169.130.130", "83.171.170.169",
> > " 62.75.129.201", "217.160.177.118", "213.61.151.217", " 89.58.21.142",
> > "217.172.187.46", "81.169.136.161", "213.239.202.232", " 62.75.222.205",
> > "84.16.234.153", "212.12.60.181", "84.167.55.157 ", "62.75.171.154",
> > "85.25.132.119", "217.190.228.18", " 212.112.231.83", "213.133.99.185",
> > "85.176.201.130", "212.112.241.137", " 131.188.185.41", "84.175.229.31",
> > "217.187.160.148", " 87.123.81.89", "212.112.235.83", "213.39.133.132",
> > "85.176.92.87", " 212.114.250.252", "217.160.220.28", "213.239.211.148",
> > " 217.20.117.240", "80.190.250.139", "212.112.241.159", "217.224.170.117
> ",
> > "212.112.242.21", "212.112.228.2", "217.160.108.109", " 81.169.176.178",
> > "212.99.205.46", "85.31.186.86", "85.10.240.250", " 84.141.183.62",
> > "84.56.199.101", "87.106.2.7", "217.160.142.69", " 84.163.168.232",
> > "213.239.217.146", "84.177.160.152", "62.75.151.195", " 81.169.176.135",
> > "85.214.29.61", "85.179.0.63", "85.31.187.90 ", "212.202.233.2",
> > "134.130.58.205", "81.169.132.19", " 212.88.142.147", "212.168.190.8",
> > "141.76.46.90", "80.237.203.179", " 193.28.225.8", "88.198.253.18",
> > "85.214.44.126", "217.160.95.117 ", "62.75.149.130", "84.44.156.17",
> > "81.169.180.180", " 85.14.216.20", "80.190.242.122", "212.112.242.159",
> > "84.16.235.143", " 80.237.160.201", "83.171.188.170", "217.84.3.39",
> > "80.190.251.24 ", "87.123.114.110", "194.95.224.201", "80.244.242.127",
> > " 87.106.34.45", "87.122.3.11", "83.171.173.229", "85.10.194.117",
> > " 217.160.132.150", "217.79.181.118", "212.60.156.94","213.239.212.45",
> > " 62.75.240.77", "217.172.183.219", "85.16.8.132", "85.14.220.126 ",
> > "84.184.85.208", "85.31.186.61", "217.172.49.89", " 213.203.214.130",
> > "81.169.178.215", "212.112.242.89", "85.214.29.234"," 213.239.194.175",
> > "85.14.216.207", "84.172.97.158", " 82.82.64.68", "195.71.99.214",
> > "80.143.172.132", "217.20.118.52", " 217.160.170.132", "84.56.64.207",
> > "213.146.114.96", "81.169.174.124", " 88.73.69.206", "84.156.61.231",
> > "84.60.118.102", "88.198.0.177 ", "129.187.150.131", "85.178.108.140",
> > "217.160.109.40", " 85.176.106.4", "84.19.182.23", "62.75.185.15",
> > "84.57.89.186", " 81.169.158.102", "83.73.91.126", "62.243.85.164",
> > "85.57.137.206", " 63.246.145.70", "85.84.204.128", "84.77.51.149",
> > "85.77.12.12", " 80.223.105.208", "85.134.2.139", "82.141.90.19",
> > "80.186.67.109", " 85.76.189.225", "193.184.9.66", "84.249.227.96",
> > "84.34.133.217", " 82.128.216.214", "85.76.78.8", "84.230.221.101",
> > "212.246.66.120", " 80.222.75.74", "217.119.47.6", "82.128.214.254",
> > "144.120.8.219", " 81.56.58.94", "213.41.166.51", "82.228.48.220",
> > "213.41.242.132", " 82.227.178.224", "81.56.123.123", "81.56.27.175",
> > "86.210.52.95", " 82.231.59.44", "83.214.47.135", "82.227.61.106",
> > "82.67.175.80", " 82.240.188.187", "82.225.238.47", "88.121.142.36",
> > "82.67.125.23", " 81.57.158.21", "82.252.150.50", "212.56.108.4",
> > "86.142.8.187", " 84.9.189.25", "83.245.82.184", "81.5.172.97",
> > "195.62.29.176", " 217.155.230.230", "85.210.2.142", "193.110.91.7",
> > "62.17.252.166", " 62.121.31.116", "83.223.108.108", "87.80.96.52",
> > "213.228.241.143", " 83.245.15.87", "150.140.191.102","218.189.210.17",
> > " 203.218.52.238", "195.245.255.11", "212.24.170.230","213.253.212.106",
> >  "193.202.88.3", "62.123.118.106", "212.239.118.83", " 143.225.178.7",
> > "84.221.103.103", "88.149.168.74", "151.8.40.35", " 82.56.18.50",
> > "194.21.56.6", "82.60.153.158", "159.149.57.14", " 62.48.34.110",
> > "84.221.75.14", "59.134.15.153", "60.36.181.86", " 219.105.111.74",
> > "83.243.88.133", "137.226.59.249", "217.19.27.52", " 82.92.225.162",
> > "194.109.206.212", "131.155.71.110", " 83.160.255.58", "82.156.33.125",
> > "62.163.136.55", "192.150.94.242", " 62.195.3.242", "212.187.48.185",
> > "194.109.109.109", " 193.16.154.187", "80.126.37.100","195.85.225.145",
> > "192.42.113.248", " 80.127.66.162", "82.94.251.206", "137.120.180.65",
> > " 137.120.180.50", "195.169.149.45", "81.191.185.124", "80.202.94.130",
> > " 80.203.228.236", "84.16.193.140", "80.203.211.14", "128.39.141.245 ",
> > "60.234.229.82", "200.121.55.151", "203.81.233.127", " 193.219.28.245",
> > "83.28.65.161", "217.153.252.4", "82.76.242.24", " 80.252.209.6",
> > "62.119.159.118", "85.8.4.206", "83.227.72.118", " 213.113.166.221",
> > "83.219.212.101", "85.225.168.113", "213.100.254.179", " 85.225.42.22",
> > "82.182.109.115", "217.28.206.143", " 213.112.252.71", "213.114.29.49",
> > "194.249.212.110", "195.72.0.6", " 203.155.247.31", "65.25.220.178",
> > "67.23.145.190", "68.227.90.101", " 70.17.122.103", "209.51.169.86",
> > "70.187.87.248", "70.92.178.34 ", "68.232.142.96", "24.170.55.120",
> > "154.35.101.77", " 64.246.50.101", "24.110.201.24", "68.7.121.40",
> > "147.97.50.171", " 68.167.210.203", "18.246.2.33", "68.173.37.136",
> > "72.21.33.202", " 72.36.146.118", "207.150.167.67", "149.9.13.22",
> > "71.133.227.217", " 216.55.190.201", "68.40.192.5", "12.222.100.156",
> > "216.39.146.25", " 64.142.74.86", "63.85.194.6", "216.130.255.201",
> > "146.201.211.64", " 69.60.122.49", "24.18.9.231", "18.78.1.38",
> > "70.84.114.153 ", "208.40.218.144", "64.122.12.107", "65.196.226.32",
> > " 24.125.131.99", "154.5.66.241", "65.13.27.20", "204.253.162.11",
> > " 129.21.228.88", "70.110.70.238", "137.148.5.13", "144.92.82.21",
> > " 216.12.165.46", "64.90.164.74", "208.99.207.139", "68.110.103.159",
> > " 64.5.53.220", "168.103.224.74", "75.6.230.66", "72.177.87.57 ",
> > "24.155.82.33", "68.4.96.114", "72.226.235.186", " 66.219.161.166",
> > "128.2.141.33", "209.237.225.10", "216.237.143.47", " 68.57.216.138",
> > "68.83.82.92", "206.225.83.5", "66.210.104.251 ", "216.55.149.21",
> > "69.41.174.196", "131.179.224.133", " 128.83.114.63", "216.32.80.75",
> > "66.93.170.242", "199.77.129.53", " 64.81.100.208", "65.174.217.58",
> > "69.205.41.136", "160.36.137.37", " 208.14.31.5", "24.111.174.178",
> > "66.90.89.162", "154.35.47.59", " 68.35.231.249", "208.40.218.131",
> > "208.40.218.136", "64.74.207.50", " 70.232.120.165", "66.70.10.53",
> > "141.149.128.197", " 209.114.200.129", "154.35.85.17","208.185.251.121",
> > "68.115.140.133", " 18.248.3.82", "24.11.233.143", "128.2.132.175",
> > "70.85.75.42 ", "66.111.43.137", "140.247.60.64", "216.152.242.200",
> > " 68.40.71.110", "206.174.19.25", "69.163.32.140", "24.175.184.12",
> > " 71.32.251.76", "24.131.177.71", "207.210.65.130", "24.91.169.157",
> > " 68.40.171.66", "71.242.124.82", "18.244.0.188", "18.244.0.114 ",
> > "18.152.2.242", "64.81.246.230", "149.9.118.34", " 64.142.31.83",
> > "24.22.104.31", "24.136.12.209", "64.34.180.99", " 68.102.99.221",
> > "69.12.128.32", "69.93.158.203", "66.52.66.26", " 149.9.200.187",
> > "64.90.179.108", "70.16.37.14", "64.81.240.144", " 70.230.73.20",
> > "18.244.0.188", "71.108.145.137", "65.254.37.163", " 71.248.176.151",
> > "65.254.45.211", "66.167.32.85", "72.20.1.166", " 68.167.210.150",
> > "66.98.136.49", "65.60.136.107", "67.173.143.46", " 209.8.40.177",
> > "24.10.127.243", "69.62.156.11", "140.247.62.64", " 68.167.210.88",
> > "68.94.234.105", "24.30.67.89", "140.247.62.119", " 68.171.51.78",
> > "65.185.92.216", "68.20.30.211", "12.222.111.115", " 65.7.136.249",
> > "18.187.1.68", "138.236.226.221", "24.21.12.194", " 70.59.183.168",
> > "69.12.145.165", "128.30.28.19", "24.117.110.24", " 69.51.152.43",
> > "134.53.170.128", "198.252.201.22", "209.242.5.54", " 64.135.207.45",
> > "154.35.1.8", "206.124.149.146", "82.165.144.169 ", "24.250.192.233",
> > "69.155.12.77", "216.231.168.178", " 70.110.247.138", "66.146.193.33",
> > "65.28.107.89", "24.94.2.121", " 130.126.141.153", "71.56.235.157",
> > "72.3.249.87", "68.121.166.117", " 74.0.33.114", "149.9.0.21",
> > "134.53.24.52", "38.99.66.86", " 216.27.178.157", "66.200.164.250",
> > "168.150.251.36", "66.236.18.180", " 66.219.59.183", "154.35.254.172",
> >         NULL
> >     };
> > int index = 0
> > int ast4 = 0;
> > while (listof33[index] != NULL) {
> > if (strcmp (internetaddress, listof33[index]) == 0) {
> > ast4 = 1;
> > break;
> > }
> > index++;
> > }
> > if (ast4) {
> > fprintf(stderr, "TOR EXIT %s ATTEMPTED CONNECT!!!\n", internetaddress);
> > fflush(stderr);
> > return HTTP_FORBIDDEN;
> > }
> > else
> > return DECLINED;
> > }
> >
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/