Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM Tells Administrators To Block Tor On Security Grounds

Posted by samzenpus on from the protect-ya-neck dept.

Mickeycaskill writes: IBM says Tor is increasingly being used to scan organizations for flaws and launch DDoS, ransomware and other attacks. Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network. However, the network is also widely used for criminal purposes. A report by the IBM says administrators should block access to Tor , noting a "steady increase" an attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic. "Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic," said IBM. "Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions."

7 of 70 comments (clear)

  1. Criminals are only a subset by Anonymous Coward · · Score: 0, Insightful

    "Widely used" is just a throwaway generalization that means "this is the only thing we think this is used for."

  2. Re: See.. by Anonymous Coward · · Score: 1, Insightful

    Internet is also used for all kind of attacks. So I guess it should be banned too!

  3. Blame TOR malicious botnets .. by nickweller · · Score: 5, Insightful

    If security on these public and private-sector networks weren't so flaky, botnets wouldn't be such a problem. Remember all it took to compromise SONY was one malicious email attachment. Make you wonder how Internet security got so bad considering folks like the NSA helps these organizations securing their 'computers'.

  4. Re:Duh by Anonymous Coward · · Score: 3, Insightful

    Your an idiot. Blocking Tor *won't* do a damm thing at actually solving the security problem. All it does is give you the illusion of security when you don't know what your doing.

  5. Re:This isn't security it's security theatre by TheCarp · · Score: 5, Insightful

    > Blocking Tor doesn't do a damm thing for real security. It won't stop the "attacks". There are plenty of other avenues for malicious parties to use.

    While mostly true, you do have to consider that exit nodes that are on your internal network are probably bad juju.

    Personally, I am all for using tor, but I wouldn't want to see random users putting up exit nodes inside my network. Exit nodes really should be setup with a bit more care to make sure they can't be used to access internal hosts, especially if internal networks have public IPs, which while less common these days, is not unheard of.

    My previous 2 employers both used public IPs on their internal networks (and each had their own class public B). So, by default, a tor exit node would constitute a hole in the firewall unless specifically setup to restrict access to "local" IPs.

    Not unmanagaeble at all if you want to manage it, but, not something you want to leave in the hands of Bob in accounting.

    --
    "I opened my eyes, and everything went dark again"
  6. Once again proving.... by JustAnotherOldGuy · · Score: 3, Insightful

    Once again proving that anything that can be abused, will be abused. The spammers, scammers, and scum of the Earth will use anything they can to steal whatever they can.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  7. Re:Duh by Calsar · · Score: 4, Insightful

    I didn't say blocking Tor made you secure, I simply said traffic coming out of Tor is malicious and should be blocked. If you think blocking Tor makes no difference you are wrong. A lot of attacks are coming out of Tor and you can eliminate them with little effort.