Tor Exit Node Block Scripts




Ryan MacNeille [ ryan.macneille@gmail.com ]

The Tor Browser is an Open Source project that allows its users to browse the internet using highly encrypted connections through anonymous servers around the world in order to hide their identity. Tor is also a common tool for accessing what is known as the Deep Web: a hidden portion of the internet containing a vast collection of illegal material, including the execution of network attacks by serious hackers. Because of the complexity of tracking the IP addresses associated with Tor, it is nearly impossible to find the real source of such attacks. The Tor Project (thetorproject.org) offers a Python script to view a list of IP addresses associated with the Tor network. Unfortunately, the list of IP addresses changes very frequently for security purposes, so there has been no established means of blocking these connections to keep hackers from attempting to gain access to network resources anonymously.

TorBlock (For Windows & Linux)

TorBlock is a Bash script I designed to automatically configure servers to block Tor traffic to websites on port 80 and keep its list of Tor nodes updated. The code is available for download here: http://flauk.com/tor/torblock.sh

The script offers two configuration options:

1. Configuring IPTABLES on a local Linux server:
   a. Updates the list of Tor nodes and explicitly denies access using Linux IPTABLES commands. The Tor list updates with cron, at a frequency of the user's choice.

2. Configuring a remote Windows Apache server's .htaccess file:
   a. Updates the list of Tor nodes from a Linux machine and rewrites it in the syntax of an Apache .htaccess file.
   b. Uses FTP to transfer the list to the Windows web server, where an additional script will be run (see last page).

TorTrack (For Windows & Linux)

TorTrack is an additional Bash script for tracking access attempts from Tor exit nodes. The script renews the Tor list and parses the web server's access log to show when and how often a Tor node attempts to access your website. This can also be run for the remote Windows machine, using FTP to transfer the access log. The code is available for download here: http://flauk.com/tor/tortrack.sh

TorTrack also has additional uses, including a documented process for tracking Tor requests from any log or error page. Additional instructions are on page 10.

Page 2: TorBlock (Linux) Proof of Concept (http://www.flauk.com/tor/torblock.sh) (screenshot not reproduced in this transcription)

Page 3: TorBlock (Windows) Proof of Concept (screenshot not reproduced in this transcription)

Page 4: TorTrack (Linux) Proof of Concept (http://www.flauk.com/tor/tortrack.sh) (screenshot not reproduced in this transcription)

Page 5: TorTrack (Windows) Proof of Concept (screenshot not reproduced in this transcription)

Pages 6-7: TorBlock Code:

---BEGIN CODE PASTE---
#!/bin/bash
# Blocking Tor Exit nodes on Windows-Apache or Linux Servers
# Ryan MacNeille [flauk.com] - 2012
#
# NOTE: the cgi-bin/torbulkexitlist.py endpoint used here (2012) has since been
# replaced; the bulk exit list is now served at https://check.torproject.org/torbulkexitlist

read -p "Installing for a remote Windows Web Server? (y/n)" yn
case $yn in
    [Yy]* )
        # REMOTE WINDOWS SERVER CONFIGURATION
        # SET YOUR WINDOWS SERVER FTP VARIABLES HERE
        # (plain FTP sends these credentials and the list unencrypted)
        FTP_HOST=MySite.com
        FTP_USER=John.Doe
        FTP_PASS=Password1234
        # REPLACE THIS STRING WITH YOUR STATIC IP IF APPLICABLE
        IP_ADDRESS=123.123.123.123

        # Generate Updated Tor-Node List
        echo "--- Retrieving updated Tor node list from TorProject.org"
        wget -q -O - "https://check.torproject.org/cgi-bin/torbulkexitlist.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > /tmp/full.tor
        # The first three lines of the list are comments; keep only the addresses
        tail -n +4 /tmp/full.tor > /tmp/tor.list

        echo "--- Preparing list for .htaccess"
        # Drop any remaining comment lines BEFORE adding the "deny from" prefix,
        # otherwise they would no longer start with "#" and would be kept
        sed -i 's|^#.*$||g' /tmp/tor.list > /dev/null 2>&1
        sed -i -e 's/^/deny from /' /tmp/tor.list > /dev/null 2>&1
        sed -i '1i Order Allow,Deny' /tmp/tor.list > /dev/null 2>&1
        echo -e "\r\nallow from all" >> /tmp/tor.list

        # Send the Tor List to the Web Server
        echo "--- Sending information to the Windows Server FTP"
        # Redirect ftp's own output here; a redirect inside the heredoc would be
        # sent to ftp as part of the "bye" command
        ftp -inv $FTP_HOST > /dev/null 2>&1 << EOF
user $FTP_USER $FTP_PASS
put /tmp/tor.list Tor_List.txt
bye
EOF
        echo "--- Configuration is complete, be sure to configure your Windows Server to complete the Installation Process"
        ;;
    [Nn]* )
        # LINUX APACHE WEB SERVER CONFIGURATION
        IPTABLES_TARGET="DROP"
        IPTABLES_CHAINNAME="TOR"
        IP_ADDRESS=123.123.123.123
        WORKING_DIR="/tmp/"

        # If the chain doesn't exist, create it.
        if ! iptables -L "$IPTABLES_CHAINNAME" -n > /dev/null 2>&1 ; then
            iptables -N "$IPTABLES_CHAINNAME" > /dev/null 2>&1
        fi
        cd $WORKING_DIR
        echo "--- Retrieving updated Tor node list from TorProject.org"
        wget -q -O - "https://check.torproject.org/cgi-bin/torbulkexitlist.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > /tmp/full.tor
        # Blank out the comment lines (the for loop below skips empty lines)
        sed -i 's|^#.*$||g' /tmp/full.tor

        # Rebuild the chain from scratch so stale exits are dropped
        iptables -F "$IPTABLES_CHAINNAME"
        # sort -u de-duplicates (uniq alone only collapses adjacent duplicates)
        for IP in $(sort -u /tmp/full.tor); do
            iptables -A "$IPTABLES_CHAINNAME" -s $IP -j $IPTABLES_TARGET
        done
        iptables -A "$IPTABLES_CHAINNAME" -j RETURN
        # The chain only takes effect once INPUT jumps to it; -C checks whether
        # that jump already exists so repeated runs do not add duplicates
        iptables -C INPUT -p tcp --dport 80 -j "$IPTABLES_CHAINNAME" > /dev/null 2>&1 || \
            iptables -I INPUT -p tcp --dport 80 -j "$IPTABLES_CHAINNAME"
        echo "--- IP Table rules are now set to block Tor connection attempts"
        rm /tmp/full.tor
        ;;
esac
---END---
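The step both TorBlock branches share is turning the raw exit list into rules. The added example below is not part of TorBlock or the page; it shows that transformation with the input validation the script above does not do, so that a comment line, a duplicate or a malformed entry never reaches iptables or the .htaccess file. The function names, the sample list (documentation-range addresses) and the file layout are constructed for this example; the chain and target names match the script's own defaults.

```shell
#!/bin/bash
# Added example (not Ryan MacNeille's code): convert a raw Tor bulk exit list
# into (a) Apache 2.2-style .htaccess deny rules and (b) iptables commands,
# keeping only lines that are well-formed IPv4 addresses.
# SAMPLE_LIST is a constructed stand-in for the downloaded list: a few comment
# lines, one address per line, plus a duplicate and two junk entries.
SAMPLE_LIST='# This is a list of all Tor exit nodes from the past 16 hours
# that can contact 203.0.113.10 on port 80
# You can update this list by visiting the exit list service
198.51.100.7
192.0.2.44
not-an-address
192.0.2.44
198.51.100.300
203.0.113.99'

# Print only syntactically valid, de-duplicated IPv4 addresses from stdin.
# Every octet must be 0-255; comments, blanks and junk are dropped.
valid_ips() {
    grep -v '^#' | awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) ok = 0
            if (ok && !seen[$0]++) print
        }'
}

# Emit the .htaccess block in the same shape TorBlock produces:
# Order Allow,Deny, one "deny from" per address, then "allow from all".
build_htaccess() {
    printf 'Order Allow,Deny\n'
    valid_ips | sed 's/^/deny from /'
    printf 'allow from all\n'
}

# Emit iptables commands for a dedicated chain. They are printed rather than
# executed so an administrator can review them (or pipe them to sh).
# Arguments: chain name (default TOR) and target (default DROP).
build_iptables() {
    chain="${1:-TOR}"; target="${2:-DROP}"
    echo "iptables -N $chain 2>/dev/null"
    echo "iptables -F $chain"
    valid_ips | while read -r ip; do
        echo "iptables -A $chain -s $ip -j $target"
    done
    echo "iptables -A $chain -j RETURN"
    # Without a jump from INPUT the chain is never consulted; -C tests whether
    # the jump already exists so that re-running does not add duplicates.
    echo "iptables -C INPUT -p tcp --dport 80 -j $chain 2>/dev/null || iptables -I INPUT -p tcp --dport 80 -j $chain"
}

# Number of addresses that survive validation for the constructed sample.
count_valid() {
    printf '%s\n' "$SAMPLE_LIST" | valid_ips | wc -l | tr -d ' '
}

# Stand-alone run: show both outputs for the constructed sample.
printf '%s\n' "$SAMPLE_LIST" | build_htaccess
printf '%s\n' "$SAMPLE_LIST" | build_iptables TOR DROP
```

For the constructed sample only three addresses survive: the duplicate is collapsed and "198.51.100.300" is rejected because an octet exceeds 255. Two practical notes: the Order/deny/allow directives are Apache 2.2 syntax and need mod_access_compat on Apache 2.4, and a chain with one rule per exit node grows to thousands of linear rules, so on a busy server an ipset hash matched by a single iptables rule is the better fit.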

Pages 8-9: TorTrack Code:

---BEGIN CODE PASTE---
#!/bin/bash
# Strip Access Log & Find Tor IPs
# Ryan MacNeille [flauk.com] - 2012
#
# NOTE: You must modify the "CONFIGURATION LINES" below to set your Access log path and search options
#       Windows Servers require FTP Credentials to be set below
#
# -To Show possible successful access   - Remove "| grep 403"
# -To Omit IP Addresses                 - grep -v 192.168.1.1
# -To Omit IP Ranges                    - grep -v 192.168.1.*
# -To Select Time Frames:
#     -Year  = Full Year With ":"       - grep 2012:
#     -Month = Three Letter Abbreviation - grep Mar

read -p "Track Tor access on a Remote Windows Server? (y/n)" yn
case $yn in
    [Yy]* )
        # REMOTE WINDOWS SERVER CONFIGURATION
        IP_ADDRESS=123.123.123.123
        echo "Retrieving updated Tor node list from TorProject.org"
        # (this line was cut off in the original listing; completed to match TorBlock)
        wget -q -O - "https://check.torproject.org/cgi-bin/torbulkexitlist.py?ip=$IP_ADDRESS&port=*" -U NoSuchBrowser/1.0 > /tmp/full.tor
        tail -n +4 /tmp/full.tor > /tmp/tor.list
        # SET YOUR WINDOWS SERVER FTP VARIABLES HERE
        FTP_HOST=MyServer.com
        FTP_USER=John.Doe
        FTP_PASS=password1234
        echo -ne "\n"
        echo "--- Retrieving Access log from Web Server"
        ftp -inv $FTP_HOST > /dev/null 2>&1 << EOF
user $FTP_USER $FTP_PASS
get access.log /tmp/access.log
bye
EOF
        echo -ne "\n"
        echo "--- Searching for Tor IP Addresses in the log"
        echo -ne "\n"
        # EDIT THIS LINE TO CUSTOMIZE OPTIONS FOR WINDOWS - See Header
        cat /tmp/access.log | grep 403 > /tmp/tor.log
        # -w: whole-word match so 1.2.3.4 does not match 1.2.3.45; -F: addresses are literal, not regex
        grep -w -F -f /tmp/tor.list /tmp/tor.log > /tmp/tor_access.log
        sed -i 's|^#.*$||g' /tmp/tor_access.log
        rm /tmp/access.log /tmp/tor.list
        if [[ -s /tmp/tor_access.log ]] ; then
            cat /tmp/tor_access.log
        else
            echo "No connection attempts associated with Tor were found."
        fi
        ;;
    [Nn]* )
        # LINUX APACHE WEB SERVER CONFIGURATION
        IP_ADDRESS=123.123.123.123
        echo "Retrieving updated Tor node list from TorProject.org"
        # (this line was cut off in the original listing; completed to match TorBlock)
        wget -q -O - "https://check.torproject.org/cgi-bin/torbulkexitlist.py?ip=$IP_ADDRESS&port=*" -U NoSuchBrowser/1.0 > /tmp/full.tor
        tail -n +4 /tmp/full.tor > /tmp/tor.list
        echo "Searching for Tor IP Addresses in the log"
        # CONFIGURATION LINES; EDIT THESE LINES TO CUSTOMIZE SEARCH OPTIONS - See Header
        ACCESS_LOG=/var/log/apache/httpd/access.log   # Path to your access.log file
        cat $ACCESS_LOG | grep 403 > /tmp/tor.log
        grep -w -F -f /tmp/tor.list /tmp/tor.log > /tmp/tor_access.log
        sed -i 's|^#.*$||g' /tmp/tor_access.log
        rm /tmp/tor.list
        if [[ -s /tmp/tor_access.log ]] ; then
            cat /tmp/tor_access.log
        else
            echo "No connection attempts associated with Tor were found."
        fi
        ;;
esac
---END---

Page 10: TorTrack Filter Options:

Users can customize the access log filter as they desire. These configuration lines are specified in the script comments.

- To list possible successful access: remove "| grep 403" from the filter line
  (Ex: cat $ACCESS_LOG | grep 403 > /tmp/tor.log)
- To omit specific IP addresses from being displayed, use the -v grep option.
  (Ex: cat $ACCESS_LOG | grep 403 | grep -v 192.168.1.1 > /tmp/tor.log)
- To omit entire IP ranges from being displayed, use the -v grep option with a * wildcard.
  (Ex: cat $ACCESS_LOG | grep 403 | grep -v 192.168.1.* > /tmp/tor.log)
- To select a custom output time frame, use grep with the following syntax:
  o Year = full year followed by a ":"
    (Ex: cat $ACCESS_LOG | grep 2012: | grep 403 | grep -v 192.168.1.* > /tmp/tor.log)
  o Month = three-letter abbreviation
    (Ex: cat $ACCESS_LOG | grep Mar | grep 403 | grep -v 192.168.1.* > /tmp/tor.log)

Windows Server Scheduled Task Batch Code (Required for running on Windows Servers)

Batch file added to the Windows server as a Scheduled Task, running daily. The batch file rebuilds .htaccess from the Tor list uploaded by TorBlock and copies the access log to the FTP directory for TorTrack.

NOTE: You MUST back up your original .htaccess file and rename it old.htaccess in the same directory PRIOR to running this script.

    rem All three .htaccess paths must point at the same directory (the listing
    rem mixed C:\apache\ and C:\apache\htdocs\; unified here on htdocs)
    del "C:\apache\htdocs\.htaccess"
    rem /B = binary concatenation of the saved original and the uploaded Tor list
    copy /B /Y "C:\apache\htdocs\old.htaccess"+"C:\root-FTP-directory\Tor_List.txt" "C:\apache\htdocs\.htaccess"
    rem Expose the access log for TorTrack to fetch over FTP
    copy C:\apache\logs\access.log C:\root-FTP-directory\access.log
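TorTrack's search step and the filter options listed above (status code, excluded hosts or ranges, year, month) are all the same grep pipeline with lines edited in or out. The added example below is not part of TorTrack or the page; it packages that pipeline as one function whose filters are arguments, runs it over a constructed access log and exit list (documentation-range addresses), and keeps the `grep -w -F -f` matching so that a partial address never produces a false hit. The function names and sample data are constructed for this example.

```shell
#!/bin/bash
# Added example (not Ryan MacNeille's code): match Apache access-log entries
# against a Tor exit list with grep -w -F -f, applying the page's filter
# options as arguments instead of hand-edited lines.
# TOR_LIST and ACCESS_LOG are constructed samples, not real data.
TOR_LIST='# constructed exit list header
198.51.100.7
203.0.113.99'

ACCESS_LOG='198.51.100.7 - - [14/Mar/2012:10:02:11 -0500] "GET /admin HTTP/1.1" 403 512 "-" "Mozilla/5.0"
192.168.1.1 - - [14/Mar/2012:10:03:40 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.99 - - [02/Feb/2012:22:15:09 -0500] "GET /wp-login.php HTTP/1.1" 403 512 "-" "curl/7.22"
203.0.113.99 - - [14/Mar/2011:22:15:09 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.22"
198.51.100.70 - - [14/Mar/2012:11:00:00 -0500] "GET /index.html HTTP/1.1" 403 512 "-" "Mozilla/5.0"'

# tor_hits [status] [exclude] [year] [month]   (log on stdin)
#   status  : HTTP status to keep; "" keeps all (the "remove grep 403" option)
#   exclude : grep -v pattern such as 192.168.1.1 or 192.168.1.*; "" for none
#   year    : e.g. 2012, matched as "2012:" per the page's convention; "" for none
#   month   : three-letter abbreviation such as Mar; "" for none
tor_hits() {
    status="$1"; exclude="$2"; year="$3"; month="$4"
    listfile=$(mktemp)
    # Comment and blank lines must not reach grep -f: an empty pattern line
    # would match every log entry and report the whole log as Tor traffic.
    printf '%s\n' "$TOR_LIST" | grep -v '^#' | grep -v '^$' > "$listfile"
    {
        if [ -n "$status" ]; then grep -w "$status"; else cat; fi
    } | {
        if [ -n "$exclude" ]; then grep -v "$exclude"; else cat; fi
    } | {
        if [ -n "$year" ]; then grep "$year:"; else cat; fi
    } | {
        if [ -n "$month" ]; then grep "/$month/"; else cat; fi
    } | grep -w -F -f "$listfile" || true   # no match is not an error here
    rm -f "$listfile"
}

# Number of matching lines for the constructed log, with the same arguments.
count_hits() {
    printf '%s\n' "$ACCESS_LOG" | tor_hits "$@" | grep -c .
}

# Stand-alone run: denied (403) Tor requests from March 2012.
printf '%s\n' "$ACCESS_LOG" | tor_hits 403 "" 2012 Mar
```

Two details worth noticing in the sample: the entry from 198.51.100.70 is never reported even though 198.51.100.7 is on the list, which is exactly what `-w` buys over a plain `grep -f`, and dropping the status filter (`tor_hits "" "" "" ""`) surfaces the 200 responses, i.e. the "possible successful access" the page's first option refers to.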