Community discussions

 
opstina
just joined
Topic Author
Posts: 17
Joined: Mon Dec 08, 2014 12:05 pm

anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 3:26 pm

Hello there,


I have used to block some webpages, but now users have found a way how to pass the firewall with "TOR browser"..



Can someone help me to block it?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 3:28 pm

Find a list of known TOR edge IP addresses, then create an IP address list with those addresses.
Then make rule #1 in the forward chain = drop packets dst-address-list=TOR_ROUTERS
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 3:29 pm

Find a list of known TOR edge IP addresses, then create an IP address list with those addresses.
Then make rule #1 in the forward chain = drop packets dst-address-list=TOR_ROUTERS
Then Update the list frequently because it changes.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
opstina
just joined
Topic Author
Posts: 17
Joined: Mon Dec 08, 2014 12:05 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 3:35 pm

Find a list of known TOR edge IP addresses, then create an IP address list with those addresses.
Then make rule #1 in the forward chain = drop packets dst-address-list=TOR_ROUTERS
Then Update the list frequently because it changes.


Bro, how to find EDGE ip'addresses? and.. i used to read a post in mikrotik and i followed their steps


http://wiki.mikrotik.com/wiki/How_to_De ... er_traffic


but no effect, seems they are old ips or ?




Thanks
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 3:49 pm

Bro, how to find EDGE ip'addresses? and.. i used to read a post in mikrotik and i followed their steps
http://wiki.mikrotik.com/wiki/How_to_De ... er_traffic

but no effect, seems they are old ips or ?
Thanks
Yes, that article has some useful information, and is exactly the solution you want, except that the address list must be very out of date indeed - the author states that they are using ROS version 3.x

Here's a site that claims to have a constantly-updated list of tor nodes.
https://www.dan.me.uk/tornodes

You'll have to parse that somehow - the easiest way to do it pseudo-manually is to copy/paste into excell, using | character as field delimiter, and then having a collumn which = concatenate("add list=tornodes address=",a1) and then copy/paste the values into terminal window after typing /ip firewall address[enter]

Yuck - if you know anything about scripting, (I don't think Mikrotik scripting is going to be useful for this) with php, perl, etc, you could probably automate this a little more.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
opstina
just joined
Topic Author
Posts: 17
Joined: Mon Dec 08, 2014 12:05 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 3:59 pm

Hello there,


I have used to block some webpages, but now users have found a way how to pass the firewall with "TOR browser"..



Can someone help me to block it?




THanks for your post bro!



I see there are million ip's in the list, are they all TOR BROWSER ips? if i put all of them in address list mikrotik will block tor's traffic for sure?

is there any way to create commands for all these ips and put in mikrotik ?

or should i create manually /ip firewall / add blla blla and put the ip manually ?




Thanks
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 4:03 pm

Like I said, copy/paste the IP list into excell, then make sure excell splits the data into columns using the | character.
Then create a new column which uses concatenate() function to combine the standard "add address-list=tor address=" with the contents of the leftmost column. Slide that formula down the column (click the little black square at the bottom-r of the cell when you have it selected) and then drag the selection to the end of the list. This will apply the formula for all rows.

Then copy the cells which now show the ROS commands....
Go into Mikrotik, delete the TOR list and then manually type /ip firewall address [enter]
Then paste the results from excell.

Again - you might find a better source for this data or else write a perl/php/python/etc script to automate this task.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 4:17 pm

Yes, that article has some useful information, and is exactly the solution you want, except that the address list must be very out of date indeed - the author states that they are using ROS version 3.x

Here's a site that claims to have a constantly-updated list of tor nodes.
https://www.dan.me.uk/tornodes

You'll have to parse that somehow - the easiest way to do it pseudo-manually is to copy/paste into excell, using | character as field delimiter, and then having a collumn which = concatenate("add list=tornodes address=",a1) and then copy/paste the values into terminal window after typing /ip firewall address[enter]

Yuck - if you know anything about scripting, (I don't think Mikrotik scripting is going to be useful for this) with php, perl, etc, you could probably automate this a little more.
Your posted site actually contains a link to IP only list :D
You can also fetch https://www.dan.me.uk/torlist/ for a list of ips only, one per line - updated every 30 minutes. Ideal for constructing your own tor banlists.
Append that with something like this - http://wiki.mikrotik.com/wiki/Using_Fet ... ress_Lists (not sure if working on current versions). Add to scheduler and you are done!
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 4:28 pm

Cool. There's the answer.

(I didn't actually study the TOR site list too carefully myself because I'm not actually interested in blocking TOR myself - heck, I'm likely to be someone who USES it.) ;)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 7:01 pm

@Zerobyte

Did you remember about evil software?? TOR is one of them.

:D :D
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Thu Apr 16, 2015 7:06 pm

@Zerobyte

Did you remember about evil software?? TOR is one of them.

:D :D
It's only evil if you use it to hide criminal activities....
Keeping the boss's middlebox from snooping on web browsing habits - or keeping the NSA out of your web browsing, that's the kind of use for me - not to go get access to illegal things on the "deep web"


(unrelated- I had my router's IPv6 firewall connections screen open, and just saw a udp packet sent to google on port 443.
Weird)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Fri Apr 17, 2015 9:06 am

@Zerobyte

Did you remember about evil software?? TOR is one of them.

:D :D
It's only evil if you use it to hide criminal activities....
Keeping the boss's middlebox from snooping on web browsing habits - or keeping the NSA out of your web browsing, that's the kind of use for me - not to go get access to illegal things on the "deep web"


(unrelated- I had my router's IPv6 firewall connections screen open, and just saw a udp packet sent to google on port 443.
Weird)
Yes me don't wanted to change the topic but just noting that:
If you try Hotspot Shield you would notice that you have high SENT and RECEIVING but you are not using internet.
It's wired too.
 
opstina
just joined
Topic Author
Posts: 17
Joined: Mon Dec 08, 2014 12:05 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Mon Apr 20, 2015 9:57 am

Hi guys


Thanks for your posts!



i'm trying to make a php script to create me firewall commands automatically just to upload the list of ips
but if i block all these ip's are u sure that "TOR browser will die totally" ?


also.. i think users are using Free VPN connections to bypass our firewall that we created.. is there a possible way to block any port or something that will "DROP" all vpn connections?




Thanks.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Mon Apr 20, 2015 3:52 pm

If you wanna have script to add TOR's IP's you should see "emils" Post in above.

about other VPN and software like free gate.... I'm not sure you'll be able to make it...
 
opstina
just joined
Topic Author
Posts: 17
Joined: Mon Dec 08, 2014 12:05 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 3:48 pm

If you wanna have script to add TOR's IP's you should see "emils" Post in above.

about other VPN and software like free gate.... I'm not sure you'll be able to make it...

Bro, you didn't understand me,



i asked you how to block "VPN tunnel traffic"?


for example users find free VPN in google and go to "my network place" 2."Create new connection" and there are two options like PPPoE and VPN .. so they chose vpn and use free vpns to connect and pass our firewall..


my question is : how to block VPN tunnel traffic in mikrotik ???


THanks
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 4:30 pm

whatever port number and protocol the VPN uses - make a firewall rule that blocks it.

If the user is motivated enough, and skillful enough, then you're fighting a losing battle. They can always switch to different ports and use protocols like SSL because you cannot simply "block all SSL"

It's better to have a policy and if the user violates policy, block them from your network.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 6:57 pm

then you're fighting a losing battle.
:D
I think no one cares as me in this situation. I tried to block them. no luck. sometimes it's good to block it in internet cafe :D but because of loosing customers ( :lol: ) I didn't go further. I think you can block them in your domain via some group policy or your computers firewall. but it's really easy to bypass that.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 7:04 pm

then you're fighting a losing battle.
:D
I think no one cares as me in this situation. I tried to block them. no luck. sometimes it's good to block it in internet cafe :D but because of loosing customers ( :lol: ) I didn't go further. I think you can block them in your domain via some group policy or your computers firewall. but it's really easy to bypass that.
Probably the most reliable way is to intercept DNS, use a server that has policies, and won't give the IP address of domains that you want. DNS is unencrypted, so you could still do packet inspection to match (and drop) DNS on unstandard ports. You can map all dns to your "policy-based" server, or ONLY allow dns to that server....
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 7:48 pm

then you're fighting a losing battle.
:D
I think no one cares as me in this situation. I tried to block them. no luck. sometimes it's good to block it in internet cafe :D but because of loosing customers ( :lol: ) I didn't go further. I think you can block them in your domain via some group policy or your computers firewall. but it's really easy to bypass that.
Probably the most reliable way is to intercept DNS, use a server that has policies, and won't give the IP address of domains that you want. DNS is unencrypted, so you could still do packet inspection to match (and drop) DNS on unstandard ports. You can map all dns to your "policy-based" server, or ONLY allow dns to that server....
yup, I heard of it. but didn't try it. But e.g If i block facebook this way I think users can open it via it's IP of website, ha?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 7:55 pm

yup, I heard of it. but didn't try it. But e.g If i block facebook this way I think users can open it via it's IP of website, ha?
I just put https://173.252.88.66/ into my browser. It gave me a certificate warning, and then forced me to the host by name anyway, so I'm betting facebook won't work if you took away the DNS.... Turn off DNS in your computer and type in that IP address and see if it works... (now I'm curious)

Any user smart enough to use the hosts file / direct IP address is going to be smart enough to get around anything you do, and will most likely consider it to be a challenge and will go out of their way to defy your filters on purpose - just like climbing a mountain.

Ban this one user, or accept the fact that they're surfing facebook against the rules. Let the filtering capture 99.9% of your users, and live an easier life.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 8:05 pm

haha. I'm not gonna filter facebook (that's why I use "e.g."). I'm just curious of it's knowledge.
And as I said, In my country facebook is blocked ( :lol: ) so people use VPN and proxies and...

Can you give me the config so i can test it? :D
(I've got plenty of IPs and sample config but it's not available)
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 8:14 pm

Can you give me the config so i can test it? :D
(I've got plenty of IPs and sample config but it's not available)
There's no config - just turn off DNS in your computer and surf to that IP - that's facebook's IP.

Only do this if you're really bored, though... it's not important. I just wanted to see what facebook would do if I tried to reach them using the IP address as the URL. (as expected, it changed me over to the hostname)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Apr 22, 2015 8:58 pm

facebook is blocked in country :D
but I redirect bing to google. that was fun :D
but when I tried some HTTPS, no luck. just open that page with delay.
 
User avatar
davidnvega
just joined
Posts: 19
Joined: Wed Aug 28, 2013 11:11 pm
Location: San Juan, Argentina
Contact:

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Jun 24, 2015 6:48 pm

Yes, that article has some useful information, and is exactly the solution you want, except that the address list must be very out of date indeed - the author states that they are using ROS version 3.x

Here's a site that claims to have a constantly-updated list of tor nodes.
https://www.dan.me.uk/tornodes

You'll have to parse that somehow - the easiest way to do it pseudo-manually is to copy/paste into excell, using | character as field delimiter, and then having a collumn which = concatenate("add list=tornodes address=",a1) and then copy/paste the values into terminal window after typing /ip firewall address[enter]

Yuck - if you know anything about scripting, (I don't think Mikrotik scripting is going to be useful for this) with php, perl, etc, you could probably automate this a little more.
Your posted site actually contains a link to IP only list :D
You can also fetch https://www.dan.me.uk/torlist/ for a list of ips only, one per line - updated every 30 minutes. Ideal for constructing your own tor banlists.
Append that with something like this - http://wiki.mikrotik.com/wiki/Using_Fet ... ress_Lists (not sure if working on current versions). Add to scheduler and you are done!

Hi Emils, I'm trying to fetch this file as you said. At first step I tried to download the file in this way:

/tool fetch src-path=text.txt mode=https url="https://www.dan.me.uk/torlist/"

And it says: failure: cannot open file

What i'm doing wrong? Thanks!

Sorry, it works... changing src-path for dst-path. Thanks!
Sorry for my English, I speak Spanish.
 
User avatar
rmmccann
Member Candidate
Member Candidate
Posts: 182
Joined: Tue Sep 25, 2012 11:15 pm
Location: USA

Re: anyone knows to block "TOR browser" in mikrotik?

Fri Aug 28, 2015 6:56 pm

Did you ever have success making this work? I've been playing around with it and the example and it appears as though the parse command can't be used on a file larger than 4096 bytes.
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. --Douglas Adams
 
UsernameMT
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Mon Nov 02, 2015 1:42 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Nov 18, 2015 2:41 pm

Hi
If, in the 951G-2HnD enter the address-list on 7000 IP - he will die? (
https://www.dan.me.uk/tornodes
anyone tried?
sorry for my English
 
UsernameMT
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Mon Nov 02, 2015 1:42 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Tue Mar 01, 2016 12:30 pm

list of TOR IP addresses (~7000 IP)
banTOR-29.02.2016-14.07.08.rsc
on RB911G-5HPnD - works good
CPU - load low.
You do not have the required permissions to view the files attached to this post.
sorry for my English
 
Arslan
just joined
Posts: 1
Joined: Wed Dec 27, 2017 12:41 pm

Re: anyone knows to block "TOR browser" in mikrotik?

Wed Dec 27, 2017 12:44 pm

Hello , Everyone. Please send the new link banTOR-29.02.2016-14.07.08.rsc , this links was expired.
Thanks in advance

Who is online

Users browsing this forum: No registered users and 116 guests