Item of interest?
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Jason Areff
Sent: Saturday, June 03, 2006 12:22 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Tool Release - Tor Blocker
It has come to our attention that the majority of tor users are not actually
from china but are rather malicious hackers that (ab)use it to keep their
anonymity. We have released a tool to stop users from utilizing this tool to
protect their identity from prosecution by a designated systems
administrator. Otherwise this puts the administrator in responsibility for
any malicious actions caused by said user. Forensics is left with a tor exit
node.
Recently our servers were hacked by a tor user and we were unable to
prosecute due to not being able to trace the source as the user was using
this malicious piece of software to keep his/her anonymity.
To mitigate most tor attackers we've written an apache module designed to
give tor users a 403 error when visiting a specific website. We suggest all
administrators whom do not wish a malicious tor user to visit and possibly
deface their website to enable the usage of this module. This may not get
all attackers, but hopefully it raises the security bar just a little bit
more to safeguard ourselves from hackers.
Thanks.
Jason Areff
CISSP, A+, MCSE, Security+
----------
security through obscurity isnt security
----------
CODE:
/* MOD_DETOR
*/
//blocks tor users from apache 2 server
#include "http_config.h"
#include "httpd.h"
static void mod_detor_register_hooks(apr_pool_t *p); int
mod_detor_method_handler(request_rec *rec);
module AP_MODULE_DECLARE_DATA detor_module = { STANDARD20_MODULE_STUFF,NULL,
NULL, NULL, NULL, NULL, mod_detor_register_hooks };
static void mod_detor_register_hooks(apr_pool_t *p) {
ap_hook_handler (mod_detor_method_handler, NULL, NULL, APR_HOOK_FIRST);}
int mod_detor_method_handler (request_rec * rec) {
conn_rec *connection = rec->connection;
const char *internetaddress = con->remote_ip; char *listof33[] = {
"62.178.28.11", "83.65.91.110", "86.59.21.38", " 202.173.141.155
<http://202.173.141.155> ", "69.70.237.137", "209.172.34.176",
"66.11.179.38", " 216.239.78.246", "198.161.91.196", "72.0.207.216", "
139.142.184.213 <http://139.142.184.213> ", "64.229.250.110",
"72.60.167.126", "24.36.132.185", " 70.68.168.93", "84.73.12.12",
"80.242.195.68", "84.72.104.77 ", "62.2.174.20", "211.94.188.225",
"166.111.249.39", " 218.58.83.2 <http://218.58.83.2> ", "218.72.40.145",
"219.142.175.208", "222.28.80.131", " 147.251.52.140", "81.0.225.179",
"213.220.233.15", " 85.178.229.8 <http://85.178.229.8> ", "84.58.246.2",
"80.143.198.147", "80.190.241.118", " 89.52.64.107 <http://89.52.64.107> ",
"85.214.38.21", "81.169.130.130", "83.171.170.169", " 62.75.129.201",
"217.160.177.118", "213.61.151.217", " 89.58.21.142 <http://89.58.21.142> ",
"217.172.187.46", "81.169.136.161", "213.239.202.232", " 62.75.222.205",
"84.16.234.153", "212.12.60.181", "84.167.55.157 ", "62.75.171.154",
"85.25.132.119", "217.190.228.18", " 212.112.231.83 <http://212.112.231.83>
", "213.133.99.185", "85.176.201.130", "212.112.241.137", " 131.188.185.41",
"84.175.229.31", "217.187.160.148", " 87.123.81.89 <http://87.123.81.89> ",
"212.112.235.83", "213.39.133.132", "85.176.92.87", " 212.114.250.252",
"217.160.220.28", "213.239.211.148", " 217.20.117.240
<http://217.20.117.240> ", "80.190.250.139", "212.112.241.159",
"217.224.170.117", "212.112.242.21", "212.112.228.2", "217.160.108.109", "
81.169.176.178 <http://81.169.176.178> ", "212.99.205.46", "85.31.186.86",
"85.10.240.250", " 84.141.183.62 <http://84.141.183.62> ", "84.56.199.101",
"87.106.2.7", "217.160.142.69", " 84.163.168.232 <http://84.163.168.232> ",
"213.239.217.146", "84.177.160.152", "62.75.151.195", " 81.169.176.135",
"85.214.29.61", "85.179.0.63", "85.31.187.90 ", "212.202.233.2",
"134.130.58.205", "81.169.132.19", " 212.88.142.147 <http://212.88.142.147>
", "212.168.190.8", "141.76.46.90", "80.237.203.179", " 193.28.225.8",
"88.198.253.18", "85.214.44.126", "217.160.95.117 ", "62.75.149.130",
"84.44.156.17", "81.169.180.180", " 85.14.216.20 <http://85.14.216.20> ",
"80.190.242.122", "212.112.242.159", "84.16.235.143", " 80.237.160.201",
"83.171.188.170", "217.84.3.39",
"80.190.251.24 ", "87.123.114.110", "194.95.224.201", "80.244.242.127", "
87.106.34.45 <http://87.106.34.45> ", "87.122.3.11", "83.171.173.229",
"85.10.194.117", " 217.160.132.150 <http://217.160.132.150> ",
"217.79.181.118", "212.60.156.94","213.239.212.45", " 62.75.240.77",
"217.172.183.219", "85.16.8.132", "85.14.220.126 ", "84.184.85.208",
"85.31.186.61", "217.172.49.89", " 213.203.214.130 <http://213.203.214.130>
", "81.169.178.215", "212.112.242.89", "85.214.29.234"," 213.239.194.175",
"85.14.216.207", "84.172.97.158", " 82.82.64.68 <http://82.82.64.68> ",
"195.71.99.214", "80.143.172.132", "217.20.118.52", " 217.160.170.132
<http://217.160.170.132> ", "84.56.64.207", "213.146.114.96",
"81.169.174.124", " 88.73.69.206", "84.156.61.231", "84.60.118.102",
"88.198.0.177 ", "129.187.150.131", "85.178.108.140", "217.160.109.40", "
85.176.106.4 <http://85.176.106.4> ", "84.19.182.23", "62.75.185.15",
"84.57.89.186", " 81.169.158.102 <http://81.169.158.102> ", "83.73.91.126",
"62.243.85.164", "85.57.137.206", " 63.246.145.70 <http://63.246.145.70> ",
"85.84.204.128", "84.77.51.149", "85.77.12.12", " 80.223.105.208
<http://80.223.105.208> ", "85.134.2.139", "82.141.90.19", "80.186.67.109",
" 85.76.189.225 <http://85.76.189.225> ", "193.184.9.66", "84.249.227.96",
"84.34.133.217", " 82.128.216.214 <http://82.128.216.214> ", "85.76.78.8",
"84.230.221.101", "212.246.66.120", " 80.222.75.74 <http://80.222.75.74> ",
"217.119.47.6", "82.128.214.254", "144.120.8.219", " 81.56.58.94
<http://81.56.58.94> ", "213.41.166.51", "82.228.48.220", "213.41.242.132",
" 82.227.178.224 <http://82.227.178.224> ", "81.56.123.123", "81.56.27.175",
"86.210.52.95", " 82.231.59.44 <http://82.231.59.44> ", "83.214.47.135",
"82.227.61.106", "82.67.175.80", " 82.240.188.187 <http://82.240.188.187> ",
"82.225.238.47", "88.121.142.36", "82.67.125.23", " 81.57.158.21
<http://81.57.158.21> ", "82.252.150.50", "212.56.108.4", "86.142.8.187", "
84.9.189.25 <http://84.9.189.25> ", "83.245.82.184", "81.5.172.97",
"195.62.29.176", " 217.155.230.230 <http://217.155.230.230> ",
"85.210.2.142", "193.110.91.7", "62.17.252.166", " 62.121.31.116
<http://62.121.31.116> ", "83.223.108.108", "87.80.96.52",
"213.228.241.143", " 83.245.15.87", "150.140.191.102","218.189.210.17",
" 203.218.52.238 <http://203.218.52.238> ", "195.245.255.11",
"212.24.170.230","213.253.212.106",
"193.202.88.3", "62.123.118.106", "212.239.118.83", " 143.225.178.7
<http://143.225.178.7> ", "84.221.103.103", "88.149.168.74", "151.8.40.35",
" 82.56.18.50 <http://82.56.18.50> ", "194.21.56.6", "82.60.153.158",
"159.149.57.14", " 62.48.34.110 <http://62.48.34.110> ", "84.221.75.14",
"59.134.15.153", "60.36.181.86", " 219.105.111.74 <http://219.105.111.74> ",
"83.243.88.133", "137.226.59.249", "217.19.27.52", " 82.92.225.162",
"194.109.206.212", "131.155.71.110", " 83.160.255.58 <http://83.160.255.58>
", "82.156.33.125", "62.163.136.55", "192.150.94.242", " 62.195.3.242",
"212.187.48.185", "194.109.109.109", " 193.16.154.187
<http://193.16.154.187> ", "80.126.37.100","195.85.225.145",
"192.42.113.248", " 80.127.66.162", "82.94.251.206", "137.120.180.65", "
137.120.180.50 <http://137.120.180.50> ", "195.169.149.45",
"81.191.185.124", "80.202.94.130", " 80.203.228.236", "84.16.193.140",
"80.203.211.14", "128.39.141.245 ", "60.234.229.82", "200.121.55.151",
"203.81.233.127", " 193.219.28.245 <http://193.219.28.245> ",
"83.28.65.161", "217.153.252.4", "82.76.242.24", " 80.252.209.6
<http://80.252.209.6> ", "62.119.159.118", "85.8.4.206", "83.227.72.118", "
213.113.166.221 <http://213.113.166.221> ", "83.219.212.101",
"85.225.168.113", "213.100.254.179", " 85.225.42.22", "82.182.109.115",
"217.28.206.143", " 213.112.252.71 <http://213.112.252.71> ",
"213.114.29.49", "194.249.212.110", "195.72.0.6", " 203.155.247.31
<http://203.155.247.31> ", "65.25.220.178", "67.23.145.190",
"68.227.90.101", " 70.17.122.103", "209.51.169.86", "70.187.87.248",
"70.92.178.34 ", "68.232.142.96", "24.170.55.120", "154.35.101.77", "
64.246.50.101 <http://64.246.50.101> ", "24.110.201.24", "68.7.121.40",
"147.97.50.171", " 68.167.210.203 <http://68.167.210.203> ", "18.246.2.33",
"68.173.37.136", "72.21.33.202", " 72.36.146.118 <http://72.36.146.118> ",
"207.150.167.67", "149.9.13.22", "71.133.227.217", " 216.55.190.201
<http://216.55.190.201> ", "68.40.192.5", "12.222.100.156", "216.39.146.25",
" 64.142.74.86 <http://64.142.74.86> ", "63.85.194.6", "216.130.255.201",
"146.201.211.64", " 69.60.122.49", "24.18.9.231", "18.78.1.38",
"70.84.114.153 ", "208.40.218.144", "64.122.12.107", "65.196.226.32", "
24.125.131.99 <http://24.125.131.99> ", "154.5.66.241", "65.13.27.20",
"204.253.162.11", " 129.21.228.88 <http://129.21.228.88> ", "70.110.70.238",
"137.148.5.13", "144.92.82.21", " 216.12.165.46 <http://216.12.165.46> ",
"64.90.164.74", "208.99.207.139", "68.110.103.159", " 64.5.53.220",
"168.103.224.74", "75.6.230.66", "72.177.87.57 ", "24.155.82.33",
"68.4.96.114", "72.226.235.186", " 66.219.161.166 <http://66.219.161.166> ",
"128.2.141.33", "209.237.225.10", "216.237.143.47", " 68.57.216.138",
"68.83.82.92", "206.225.83.5", "66.210.104.251 ", "216.55.149.21",
"69.41.174.196", "131.179.224.133", " 128.83.114.63 <http://128.83.114.63>
", "216.32.80.75", "66.93.170.242", "199.77.129.53", " 64.81.100.208
<http://64.81.100.208> ", "65.174.217.58", "69.205.41.136", "160.36.137.37",
" 208.14.31.5 <http://208.14.31.5> ", "24.111.174.178", "66.90.89.162",
"154.35.47.59", " 68.35.231.249 <http://68.35.231.249> ", "208.40.218.131",
"208.40.218.136", "64.74.207.50", " 70.232.120.165", "66.70.10.53",
"141.149.128.197", " 209.114.200.129 <http://209.114.200.129> ",
"154.35.85.17","208.185.251.121", "68.115.140.133", " 18.248.3.82",
"24.11.233.143", "128.2.132.175",
"70.85.75.42 ", "66.111.43.137", "140.247.60.64", "216.152.242.200", "
68.40.71.110 <http://68.40.71.110> ", "206.174.19.25", "69.163.32.140",
"24.175.184.12", " 71.32.251.76 <http://71.32.251.76> ", "24.131.177.71",
"207.210.65.130", "24.91.169.157", " 68.40.171.66", "71.242.124.82",
"18.244.0.188", "18.244.0.114 ", "18.152.2.242", "64.81.246.230",
"149.9.118.34", " 64.142.31.83 <http://64.142.31.83> ", "24.22.104.31",
"24.136.12.209", "64.34.180.99", " 68.102.99.221 <http://68.102.99.221> ",
"69.12.128.32", "69.93.158.203", "66.52.66.26", " 149.9.200.187
<http://149.9.200.187> ", "64.90.179.108", "70.16.37.14", "64.81.240.144", "
70.230.73.20 <http://70.230.73.20> ", "18.244.0.188", "71.108.145.137",
"65.254.37.163", " 71.248.176.151 <http://71.248.176.151> ",
"65.254.45.211", "66.167.32.85", "72.20.1.166", " 68.167.210.150
<http://68.167.210.150> ", "66.98.136.49", "65.60.136.107", "67.173.143.46",
" 209.8.40.177 <http://209.8.40.177> ", "24.10.127.243", "69.62.156.11",
"140.247.62.64", " 68.167.210.88 <http://68.167.210.88> ", "68.94.234.105",
"24.30.67.89", "140.247.62.119", " 68.171.51.78 <http://68.171.51.78> ",
"65.185.92.216", "68.20.30.211", "12.222.111.115", " 65.7.136.249
<http://65.7.136.249> ", "18.187.1.68", "138.236.226.221", "24.21.12.194", "
70.59.183.168 <http://70.59.183.168> ", "69.12.145.165", "128.30.28.19",
"24.117.110.24", " 69.51.152.43 <http://69.51.152.43> ", "134.53.170.128",
"198.252.201.22", "209.242.5.54", " 64.135.207.45", "154.35.1.8",
"206.124.149.146", "82.165.144.169 ", "24.250.192.233", "69.155.12.77",
"216.231.168.178", " 70.110.247.138 <http://70.110.247.138> ",
"66.146.193.33", "65.28.107.89", "24.94.2.121", " 130.126.141.153
<http://130.126.141.153> ", "71.56.235.157", "72.3.249.87",
"68.121.166.117", " 74.0.33.114 <http://74.0.33.114> ", "149.9.0.21",
"134.53.24.52", "38.99.66.86", " 216.27.178.157 <http://216.27.178.157> ",
"66.200.164.250", "168.150.251.36", "66.236.18.180", " 66.219.59.183",
"154.35.254.172",
NULL
};
int index = 0
int ast4 = 0;
while (listof33[index] != NULL) {
if (strcmp (internetaddress, listof33[index]) == 0) {
ast4 = 1;
break;
}
index++;
}
if (ast4) {
fprintf(stderr, "TOR EXIT %s ATTEMPTED CONNECT!!!\n", internetaddress);
fflush(stderr); return HTTP_FORBIDDEN; } else return DECLINED; }