[e-privacy] [Fwd: [Full-disclosure] Tool Release - Tor Blocker]

Alessio L.R. Pennasilico mayhem at recursiva.org
Sat Jun 3 06:48:11 CEST 2006


What I find terrible is not the tool itself, which I believe, I hope,
will soon be unusable given the exponential growth in exit nodes,
but rather the fact that it comes out on one of "our" lists, from people who
should share certain values ...
meh ...

a saddened mayhem

-------- Forwarded Message --------
> From: Jason Areff <hailtheczar at gmail.com>
> To: full-disclosure at lists.grok.org.uk
> Subject: [Full-disclosure] Tool Release - Tor Blocker
> Date: Sat, 3 Jun 2006 00:21:49 -0400
> 
> It has come to our attention that the majority of Tor users are not
> actually from China but are rather malicious hackers that (ab)use it
> to keep their anonymity. We have released a tool to stop users from
> utilizing this tool to protect their identity from prosecution by a
> designated systems administrator. Otherwise this puts the
> administrator in responsibility for any malicious actions caused by
> said user. Forensics is left with a Tor exit
> node.
> 
> Recently our servers were hacked by a Tor user and we were unable to
> prosecute due to not being able to trace the source as the user was
> using this malicious piece of software to keep his/her anonymity.
> 
> To mitigate most Tor attackers we've written an Apache module designed
> to give Tor users a 403 error when visiting a specific website.  We
> suggest all administrators who do not wish a malicious Tor user to
> visit and possibly deface their website to enable the usage of this
> module. This may not get all attackers, but hopefully it raises the
> security bar just a little bit more to safeguard ourselves from
> hackers.
> 
> Thanks.
> 
> Jason Areff
> CISSP, A+, MCSE, Security+
> 
> 
> ----------
> security through obscurity isn't security
> ----------
> 
> CODE:
> 
> /* MOD_DETOR: blocks Tor users from an Apache 2 server */
> 
> #include <stdio.h>   /* fprintf, fflush */
> #include <string.h>  /* strcmp */
> #include "http_config.h"
> #include "httpd.h"
> 
> static void mod_detor_register_hooks(apr_pool_t *p);
> int mod_detor_method_handler(request_rec *rec);
> 
> module AP_MODULE_DECLARE_DATA detor_module = {
>     STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL,
>     mod_detor_register_hooks
> };
> 
> /* Register the handler so that it runs ahead of other handlers. */
> static void mod_detor_register_hooks(apr_pool_t *p) {
>     ap_hook_handler(mod_detor_method_handler, NULL, NULL, APR_HOOK_FIRST);
> }
> 
> int mod_detor_method_handler(request_rec *rec) {
>     conn_rec *connection = rec->connection;
>     /* peer address of the connection, as a string */
>     const char *internetaddress = connection->remote_ip;
>     /* hard-coded, NULL-terminated list of exit node addresses */
>     char *listof33[] = {
> "62.178.28.11", "83.65.91.110", "86.59.21.38", "202.173.141.155",
[...]
>  "154.35.254.172",
>         NULL
>     };
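>     int index = 0;
>     int ast4 = 0;  /* set to 1 when the client address is in the list */
>     /* linear scan: exact string comparison against every list entry */
>     while (listof33[index] != NULL) {
>         if (strcmp(internetaddress, listof33[index]) == 0) {
>             ast4 = 1;
>             break;
>         }
>         index++;
>     }
>     if (ast4) {
>         fprintf(stderr, "TOR EXIT %s ATTEMPTED CONNECT!!!\n",
>                 internetaddress);
>         fflush(stderr);
>         return HTTP_FORBIDDEN;  /* 403 for listed addresses */
>     }
>     else
>         return DECLINED;        /* let other handlers serve the request */
> }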
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-- 
I had a friend who watched every porn film to the end.
She wanted to see whether they got married afterwards.
https://www.recursiva.org - Key on pgp.mit.edu ID B88FE057
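
The forwarded module compiles a fixed address list into the binary and compares strings, and the reply above expects such a list to go out of date as exit nodes multiply. The following is an added example, not code from either message: it loads the list from text at run time, compares parsed addresses by binary search, and reports a list older than a refresh window as unusable instead of matching against it. The names `exit_list_load`, `exit_list_check`, `MAX_AGE_SECONDS` and the sample addresses are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_ENTRIES 4096
#define MAX_AGE_SECONDS (6 * 60 * 60) /* assumed refresh window */

static const char SAMPLE_LIST[] = /* constructed; RFC 5737 documentation addresses */
    "# constructed sample\n203.0.113.5\n192.0.2.10\n\nbogus-line\n198.51.100.7\n";

struct exit_list {
    uint32_t addr[MAX_ENTRIES]; /* host byte order, sorted */
    size_t count;
    time_t fetched;             /* when the list was downloaded */
};

static int cmp_u32(const void *a, const void *b) {
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Parse one IPv4 address per line, skipping blank, '#' and malformed lines. */
size_t exit_list_load(struct exit_list *l, const char *text, time_t fetched) {
    char line[64];
    struct in_addr a;
    l->count = 0; l->fetched = fetched;
    while (*text && l->count < MAX_ENTRIES) {
        size_t n = strcspn(text, "\r\n");
        if (n > 0 && n < sizeof line && text[0] != '#') {
            memcpy(line, text, n);
            line[n] = '\0';
            if (inet_pton(AF_INET, line, &a) == 1)
                l->addr[l->count++] = ntohl(a.s_addr);
        }
        text += n + strspn(text + n, "\r\n");
    }
    qsort(l->addr, l->count, sizeof l->addr[0], cmp_u32);
    return l->count;
}

/* 1 = listed, 0 = not listed, -1 = stale list or unparsable address. */
int exit_list_check(const struct exit_list *l, const char *ip, time_t now) {
    struct in_addr a;
    if (difftime(now, l->fetched) > MAX_AGE_SECONDS || inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    uint32_t key = ntohl(a.s_addr);
    return bsearch(&key, l->addr, l->count, sizeof key, cmp_u32) != NULL;
}
```

A caller has to decide what a return value of -1 means for the request; the example only makes the stale case visible instead of silently answering from old data.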