On 05/14/2017 11:56 AM, niftybunny wrote:
> The last time I checked .onion domains don’t need exits. Every Tor
> node can be a chain of the path to the .onion domain. So it is
> completely pointless to block all the exits and second: Exits are
> the end of the chain to the “normal” internet, if you don’t want
> outgoing Tor traffic from your internal network you fucking block
> guards and entry/middle nodes not exits

Ummm, that's basically what I said. It was stupid for the writer to say
"exits". But you know that blacklists include all Tor relays.

> …. btw, good luck with blocking all guards ….

Guards are public, bro. But not all bridges, of course.

> niftybunny
> [email protected]
>
> Where ignorance is bliss, 'Tis folly to be wise.
> Thomas Gray
>
> PS:
>In accordance with known best practices, any organization
>who has SMB publically accessible via the internet (ports
>139, 445) should immediately block inbound traffic.
>
> WTF?!??!?!??!?!? WHY WOULD YOU EVEN ALLOW SMB TRAFFIC FROM
> UNTRUSTED INTERNET SOURCES INTO YOUR NETWORK????? WHYYYY?????

Because you're a dumbass motherfucker ;)

>> On 15. May 2017, at 00:08, Mirimir <[email protected]> wrote:
>>
>> On 05/14/2017 08:54 AM, niftybunny wrote:
>>>> Known TOR exit nodes are listed within the Security Intelligence
>>>> feed of ASA Firepower devices. Enabling this to be blacklisted
>>>> will prevent outbound communications to TOR networks.
>>> Wait, what?
>>
>> | WanaCrypt0r will then download a TOR client from
>> | https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
>> | and extract it into the TaskData folder. This TOR client is used to
>> | communicate with the ransomware C2 servers at gx7ekbenv2riucmf.onion,
>> | 57g7spgrzlojinas.onion, xxlvbrloxvriy2c5.onion,
>> | 76jdd2ir2embyv47.onion, and cwwnhwhlz52maqm7.onion.
>>
>> https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/
>>
>> Sad but true.
>>
>> But what they want to block are guards and directory servers. But their
>> list will probably include all relays, so whatever.
>>
>> Longer term, it's pointless, because malware authors can just hard code
>> bridges. Even custom unlisted bridges.
>>
>>> niftybunny
>>> [email protected]
>>>
>>> Where ignorance is bliss, 'Tis folly to be wise.
>>>
>>> Thomas Gray
>>>
>>>> On 14. May 2017, at 21:45, Jon Gardner <[email protected]> wrote:
>>>>
>>>> From the SNORT folks...
>>>>
>>>> http://blog.talosintelligence.com/2017/05/wannacry.html?m=1
>>>>
>>>> ".... Additionally, organizations should strongly consider blocking
>>>> connections to TOR nodes and TOR traffic on network. Known TOR exit nodes
>>>> are listed within the Security Intelligence feed of ASA Firepower devices.
>>>> Enabling this to be blacklisted will prevent outbound communications to
>>>> TOR networks."
>>>>
>>>> <><
>>>> Jon L. Gardner
>>>> Mobile: +1 979-574-1189
>>>> Email/Skype/Jabber: [email protected]
>>>> AIM/iChat/MSN: [email protected]
>>>> _______________________________________________
>>>> tor-relays mailing list
>>>> [email protected]
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
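
An added example, not part of the thread or of any poster's message: it compares an exit-only blocklist with an all-relay blocklist against outbound connections, using a constructed consensus excerpt in the `r`/`s` line layout of a Tor network-status document. All nicknames, digests, addresses and function names below are made up for illustration.

```python
# Constructed consensus excerpt ("r" = relay line, "s" = flags line).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2017-05-14 10:00:00 192.0.2.10 9001 9030
s Fast Guard Running Stable V2Dir Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2017-05-14 10:00:00 198.51.100.20 443 0
s Exit Fast Running Valid
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2017-05-14 10:00:00 203.0.113.30 9001 0
s Fast Running Valid
"""

# Constructed outbound connections seen at the perimeter (dst_ip, dst_port).
# 192.0.2.10 is the guard above; 192.0.2.200 stands in for an unlisted
# bridge, which by definition does not appear in the consensus.
OUTBOUND = [("192.0.2.10", 9001), ("192.0.2.200", 443)]


def parse_relays(consensus):
    """Return {ip: set(flags)} from each 'r' line and the 's' line after it."""
    relays, current_ip = {}, None
    for line in consensus.splitlines():
        fields = line.split()
        if not fields:
            continue
        # r <nick> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
        if fields[0] == "r" and len(fields) >= 9:
            current_ip = fields[6]
            relays.setdefault(current_ip, set())
        elif fields[0] == "s" and current_ip is not None:
            relays[current_ip].update(fields[1:])
            current_ip = None
    return relays


def blocklist(relays, only_flag=None):
    """IPs to block: every relay, or only those carrying only_flag."""
    return {ip for ip, flags in relays.items()
            if only_flag is None or only_flag in flags}


def missed(connections, blocked):
    """Destination IPs that the blocklist would let through."""
    return [ip for ip, _port in connections if ip not in blocked]


if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    print("exit-only list misses:", missed(OUTBOUND, blocklist(relays, "Exit")))
    print("all-relay list misses:", missed(OUTBOUND, blocklist(relays)))
```
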
