IBM Tells Administrators To Block Tor On Security Grounds
Mickeycaskill writes: IBM says Tor is increasingly being used to scan organizations for flaws and launch DDoS, ransomware and other attacks. Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network. However, the network is also widely used for criminal purposes. A report by IBM says administrators should block access to Tor, noting a "steady increase" in attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic. "Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic," said IBM. "Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions."
China is getting pretty good at it though. What is working may be blocked in 6-8 hours. It is a cat and mouse game, but that cat is getting quick, and the mice population is dwindling.
In general, if there are a lot of different connections made by different browsers [1] coming from one IP, it is suspect, and a site needs to go like Google and have a CAPTCHA before someone can move past the intro screen. CloudFlare is a good front gate to have for almost any website because of this.
As for blocking exit nodes, it is a common sense thing to block them via the router, OS stack, and application. In fact, if a node winds up on TOR at all, it winds up getting blocked just in case. This, combined with common sense IP geoblocking, cuts down enormously on the amount of attacks a site has to deal with.
[1]: Try eff.org's Panopticlick. There is yet to be a functional Web browser that isn't uniquely identified.
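The comment above sketches two checks: blocking known Tor exit nodes at the network edge, and treating one IP that presents many different browsers as suspect. The following is an added example (not from the Slashdot story, IBM's report, or the commenter) that runs both over constructed data. The exit list and log lines are made up; the `tor_exits4`/`tor_exits6` set names and the 3-User-Agent threshold are assumptions chosen for illustration. The Tor Project does publish a live exit-address list, which an operator would feed into `parse_exit_list` in place of the embedded sample.

```python
"""Added example: match connecting IPs against a Tor exit list, flag IPs with
many distinct User-Agents, and emit ipset/iptables commands for the matches.
All input data below is constructed for the example."""
import ipaddress
from collections import defaultdict

# Constructed stand-in for a published exit-node list: one address per line,
# '#' starts a comment. Real lists change hourly, so refresh before use.
SAMPLE_EXIT_LIST = """
# exit-address snapshot (constructed, not real relays)
198.51.100.7
203.0.113.45
2001:db8::beef
"""

# Constructed access-log records: (client_ip, timestamp, user_agent)
SAMPLE_LOG = [
    ("198.51.100.7",   "2015-08-27T10:00:01", "Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"),
    ("192.0.2.10",     "2015-08-27T10:00:02", "Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"),
    ("192.0.2.99",     "2015-08-27T10:00:03", "curl/7.43.0"),
    ("192.0.2.99",     "2015-08-27T10:00:04", "Mozilla/5.0 (Macintosh) Safari/601.1"),
    ("192.0.2.99",     "2015-08-27T10:00:05", "Mozilla/5.0 (X11; Linux) Chrome/44.0"),
    ("192.0.2.99",     "2015-08-27T10:00:06", "Mozilla/5.0 (Windows NT 10.0) Edge/12.0"),
    ("2001:db8::beef", "2015-08-27T10:00:07", "Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"),
]


def parse_exit_list(text):
    """Return a set of ip_address objects, skipping blank and comment lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            exits.add(ipaddress.ip_address(line))
    return exits


def tor_exit_hits(log, exits):
    """Client IPs from the log that are on the exit list (deduplicated, sorted)."""
    seen = {ipaddress.ip_address(ip) for ip, _, _ in log}
    return sorted(str(ip) for ip in seen & exits)


def many_user_agents(log, threshold=3):
    """IPs presenting at least `threshold` distinct User-Agents -> {ip: count}.
    A single IP that looks like four different browsers in five seconds is the
    pattern the comment calls suspect; `threshold` is an assumed tuning value."""
    agents = defaultdict(set)
    for ip, _, ua in log:
        agents[ip].add(ua)
    return {ip: len(uas) for ip, uas in agents.items() if len(uas) >= threshold}


def ipset_rules(addresses, set4="tor_exits4", set6="tor_exits6"):
    """Render ipset/iptables commands that drop inbound traffic from `addresses`.
    IPv4 and IPv6 go into separate sets because a hash:ip set is single-family.
    `-exist` makes create/add idempotent so the script can be re-run on refresh."""
    v4 = [a for a in addresses if ipaddress.ip_address(a).version == 4]
    v6 = [a for a in addresses if ipaddress.ip_address(a).version == 6]
    cmds = [
        f"ipset create {set4} hash:ip family inet -exist",
        f"ipset create {set6} hash:ip family inet6 -exist",
    ]
    cmds += [f"ipset add {set4} {a} -exist" for a in v4]
    cmds += [f"ipset add {set6} {a} -exist" for a in v6]
    cmds += [
        f"iptables -I INPUT -m set --match-set {set4} src -j DROP",
        f"ip6tables -I INPUT -m set --match-set {set6} src -j DROP",
    ]
    return cmds


if __name__ == "__main__":
    exits = parse_exit_list(SAMPLE_EXIT_LIST)
    hits = tor_exit_hits(SAMPLE_LOG, exits)
    print("Tor exit nodes seen in log:", hits)
    print("IPs with many User-Agents:", many_user_agents(SAMPLE_LOG))
    print("\n".join(ipset_rules(hits)))
```

Matching on the exit list is a deny decision the router or host firewall can enforce; the User-Agent heuristic is noisier (shared NAT and corporate proxies trip it too), so it fits better as a review signal or a CAPTCHA trigger, as the comment suggests, than as an automatic block.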