Blocking TOR Exit nodes with scripting

Hello guys!

I'm planning to block all TOR exit nodes using the Check Point scripts created for that purpose; see the link below.

How to block traffic coming from known malicious IP addresses 

My question is this:

Will these exit nodes be appended to the SAM Rule, or, when it updates the SAM Rule, will it clean all my SAM Rules already created and in place?

Thank you very much for your support.

Best regards.

Luis Borralho

Re: Blocking TOR Exit nodes with scripting

That SK uses the fw samp mechanism, which is completely different from SAM rules.

Note that fw samp is SecureXL-friendly and is more efficient than using SAM rules.

Re: Blocking TOR Exit nodes with scripting

Does it require anything else specific, except modification of the script?

I've configured it and can see the rules in samp, but they're not enforced; nothing gets blocked from the source IPs.

TAC case opened, just in case..


operation=add uid=<5cf8fc48,000003b0,65c5c30a,000068d2> target=all timeout=458 action=drop log=log comment=threatcloud_TOR_block service=any source=range: pkt-rate=0 req_type=quota

Re: Blocking TOR Exit nodes with scripting

Curious why this route and not simply blocking the TOR app in policy? Do you not have app control? I looked at the script, but it would have to be redone after upgrade/lifecycle. Simply blocking the app makes it part of the policy.

