How to Detect and Block TOR Browser traffic

From MikroTik Wiki
Revision as of 15:18, 17 January 2017 by Strods (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

HI everyone , i wish everything going well , today we going to know how to block TOR browser

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships

or protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

you can downlaod TOR browser from the following link [1]

after discovering which destination this TOR browser is trying to connect to , we made a list with and and we added it in firewall address list

   ip firewall address-list 
   add address=98.206.110.253 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.75 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.35 comment="" disabled=no list=TOR-SERVERS
   add address=173.254.192.37 comment="" disabled=no list=TOR-SERVERS
   add address=88.198.35.251 comment="" disabled=no list=TOR-SERVERS
   add address=77.247.181.164 comment="" disabled=no list=TOR-SERVERS
   add address=173.254.192.38 comment="" disabled=no list=TOR-SERVERS
   add address=192.251.226.205 comment="" disabled=no list=TOR-SERVERS
   add address=85.112.165.71 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.48.211 comment="" disabled=no list=TOR-SERVERS
   add address=217.115.137.222 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.48.210 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.41 comment="" disabled=no list=TOR-SERVERS
   add address=83.142.228.14 comment="" disabled=no list=TOR-SERVERS
   add address=77.247.181.163 comment="" disabled=no list=TOR-SERVERS
   add address=188.138.82.143 comment="" disabled=no list=TOR-SERVERS
   add address=77.247.181.165 comment="" disabled=no list=TOR-SERVERS
   add address=184.172.20.159 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.38 comment="" disabled=no list=TOR-SERVERS
   add address=173.254.192.36 comment="" disabled=no list=TOR-SERVERS
   add address=87.225.253.174 comment="" disabled=no list=TOR-SERVERS
   add address=216.17.108.63 comment="" disabled=no list=TOR-SERVERS
   add address=137.56.163.46 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.36 comment="" disabled=no list=TOR-SERVERS
   add address=204.45.133.189 comment="" disabled=no list=TOR-SERVERS
   add address=91.143.81.16 comment="" disabled=no list=TOR-SERVERS
   add address=85.228.194.157 comment="" disabled=no list=TOR-SERVERS
   add address=213.103.195.84 comment="" disabled=no list=TOR-SERVERS
   add address=137.56.163.64 comment="" disabled=no list=TOR-SERVERS
   add address=82.94.251.204 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.40 comment="" disabled=no list=TOR-SERVERS
   add address=195.242.152.250 comment="" disabled=no list=TOR-SERVERS
   add address=74.120.13.132 comment="" disabled=no list=TOR-SERVERS
   add address=62.220.135.129 comment="" disabled=no list=TOR-SERVERS
   add address=204.8.156.142 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.46 comment="" disabled=no list=TOR-SERVERS
   add address=68.169.35.41 comment="" disabled=no list=TOR-SERVERS
   add address=94.75.215.53 comment="" disabled=no list=TOR-SERVERS
   add address=85.17.97.19 comment="" disabled=no list=TOR-SERVERS
   add address=74.120.12.135 comment="" disabled=no list=TOR-SERVERS
   add address=87.225.253.173 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.42 comment="" disabled=no list=TOR-SERVERS
   add address=91.143.90.155 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.42 comment="" disabled=no list=TOR-SERVERS
   add address=188.72.225.172 comment="" disabled=no list=TOR-SERVERS
   add address=188.40.41.115 comment="" disabled=no list=TOR-SERVERS
   add address=87.118.104.203 comment="" disabled=no list=TOR-SERVERS
   add address=62.141.58.13 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.39 comment="" disabled=no list=TOR-SERVERS
   add address=93.11.116.22 comment="" disabled=no list=TOR-SERVERS
   add address=96.236.44.173 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.85.122 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.37 comment="" disabled=no list=TOR-SERVERS
   add address=188.104.135.148 comment="" disabled=no list=TOR-SERVERS
   add address=188.40.51.232 comment="" disabled=no list=TOR-SERVERS
   add address=188.40.32.154 comment="" disabled=no list=TOR-SERVERS
   add address=178.162.166.13 comment="" disabled=no list=TOR-SERVERS
   add address=178.63.16.48 comment="" disabled=no list=TOR-SERVERS
   add address=83.169.0.7 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.47 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.34 comment="" disabled=no list=TOR-SERVERS
   add address=109.201.131.11 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.33 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.32 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.31 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.37 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.46 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.51 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.52 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.53 comment="" disabled=no list=TOR-SERVERS
   add address=38.229.70.54 comment="" disabled=no list=TOR-SERVERS
   add address=68.169.35.42 comment="" disabled=no list=TOR-SERVERS
   add address=74.120.12.140 comment="" disabled=no list=TOR-SERVERS
   add address=74.120.12.131 comment="" disabled=no list=TOR-SERVERS
   add address=74.120.12.130 comment="" disabled=no list=TOR-SERVERS
   add address=74.120.12.129 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.85.123 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.85.124 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.85.125 comment="" disabled=no list=TOR-SERVERS
   add address=76.73.85.126 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.72 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.73 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.74 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.76 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.77 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.78 comment="" disabled=no list=TOR-SERVERS
   add address=80.237.226.79 comment="" disabled=no list=TOR-SERVERS
   add address=82.94.251.206 comment="" disabled=no list=TOR-SERVERS
   add address=87.225.253.172 comment="" disabled=no list=TOR-SERVERS
   add address=173.254.216.67 comment="" disabled=no list=TOR-SERVERS
   add address=192.251.226.204 comment="" disabled=no list=TOR-SERVERS
   add address=193.23.244.0/24 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.34 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.43 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.44 comment="" disabled=no list=TOR-SERVERS
   add address=199.48.147.45 comment="" disabled=no list=TOR-SERVERS
   add address=217.115.137.220 comment="" disabled=no list=TOR-SERVERS
   add address=217.115.137.219 comment="" disabled=no list=TOR-SERVERS
   add address=66.230.230.230 comment="" disabled=no list=TOR-SERVERS
   add address=173.254.216.69 comment="" disabled=no list=TOR-SERVERS
   add address=91.208.34.12 comment="" disabled=no list=TOR-SERVERS
   add address=188.40.172.119 comment="" disabled=no list=TOR-SERVERS

we note also that TOR browser is using port 22 and 443

so now we can match on users that is using TOR browser by the following rules


   ip firewall mangle
   add action=add-src-to-address-list address-list="New Tor-Users" \
   address-list-timeout=5m chain=prerouting comment="New Tor Version" \
   disabled=no dst-port=22 protocol=tcp
   add action=add-src-to-address-list address-list=Tor-Users \
   address-list-timeout=5m chain=prerouting comment="Tor Users" disabled=no \
   dst-address-list=TOR-SERVERS dst-port=443 protocol=tcp

and then we can block all traffic that is coming from TOR users by the following rules


   ip firewall filter
   add action=drop chain=forward comment="Drop new TOR version" disabled=no \
   src-address-list="New Tor-Users"
   add action=drop chain=forward comment="Block TOR browser" disabled=no \
   src-address-list=Tor-Users

also note that these rules we have applied on Mikrotik ROS 3.30 only , but we think it may work out on newer versions