> On 15. May 2017, at 01:42, Mirimir <[email protected]> wrote: > > On 05/14/2017 11:56 AM, niftybunny wrote: >> The last time I checked .onion domains don’t need exits. Every Tor >> node can be a chain of the path to the .onion domain. So it is >> completely pointless to block all the exits and second: Exits are >> the end of the chain to the “normal” internet, if you don’t want >> outgoing Tor traffic from your internal network you fucking block >> guards and entry/middle nodes not exits > > Ummm, that's basically what I said. It was stupid for the writer to say > "exits". But you know that blacklists include all Tor relays.
Okay, they will overkill/overblock all nodes but they are out of luck with bridges. So it is pointless but they will feel better? Wow, much secure, so block, such ASL, wow! > >> …. btw, good luck with blocking all guards …. > > Guards are public, bro. But not all bridges, of course. You are right, my bad. > >> niftybunny >> [email protected] <mailto:[email protected]> >> >> Where ignorance is bliss, 'Tis folly to be wise. >> Thomas Gray >> >> PS: >In accordance with known best practices, any organization >> who has SMB publically accessible via the internet (ports >> 139, 445) should immediately block inbound traffic. >> >> WTF?!??!?!??!?!? WHY WOULD YOU EVEN ALLOW SMB TRAFFIC FROM >> UNTRUSTED INTERNET SOURCES INTO YOUR NETWORK????? WHYYYY????? > > Because you're a dumbass motherfucker ;) Firewall default is to block all traffic. You have to allow this traffic. Without using an VPN this is a special case of stupid … > >>> On 15. May 2017, at 00:08, Mirimir <[email protected]> wrote: >>> >>> On 05/14/2017 08:54 AM, niftybunny wrote: >>>>> Known TOR exit nodes are listed within the Security Intelligence >>>>> feed of ASA Firepower devices. Enabling this to be blacklisted >>>>> will prevent outbound communications to TOR networks. >>>> Wait, what? >>> >>> | WanaCrypt0r will then download a TOR client from >>> | https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip >>> | and extract it into the TaskData folder. This TOR client is used to >>> | communicate with the ransomware C2 servers at gx7ekbenv2riucmf.onion, >>> | 57g7spgrzlojinas.onion, xxlvbrloxvriy2c5.onion, >>> | 76jdd2ir2embyv47.onion, and cwwnhwhlz52maqm7.onion. >>> >>> https://www.bleepingcomputer.com/news/security/wana-decryptor-wanacrypt0r-technical-nose-dive/ >>> >>> Sad but true. >>> >>> But what they want to block are guards and directory servers. But their >>> list will probably include all relays, so whatever. >>> >>> Longer term, it's pointless, because malware authors can just hard code >>> bridges. Even custom unlisted bridges. >>> >>>> niftybunny >>>> [email protected] >>>> >>>> Where ignorance is bliss, 'Tis folly to be wise. >>>> >>>> Thomas Gray >>>> >>>>> On 14. May 2017, at 21:45, Jon Gardner <[email protected]> wrote: >>>>> >>>>> From the SNORT folks... >>>>> >>>>> http://blog.talosintelligence.com/2017/05/wannacry.html?m=1 >>>>> <http://blog.talosintelligence.com/2017/05/wannacry.html?m=1> >>>>> >>>>> ".... Additionally, organizations should strongly consider blocking >>>>> connections to TOR nodes and TOR traffic on network. Known TOR exit nodes >>>>> are listed within the Security Intelligence feed of ASA Firepower >>>>> devices. Enabling this to be blacklisted will prevent outbound >>>>> communications to TOR networks." >>>>> >>>>> <>< >>>>> Jon L. Gardner >>>>> Mobile: +1 979-574-1189 >>>>> Email/Skype/Jabber: [email protected] <mailto:[email protected]> >>>>> AIM/iChat/MSN: [email protected] >>>>> <mailto:[email protected]>_______________________________________________ >>>>> tor-relays mailing list >>>>> [email protected] >>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> tor-relays mailing list >>>> [email protected] >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> >>> _______________________________________________ >>> tor-relays mailing list >>> [email protected] >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> >> >> >> _______________________________________________ >> tor-relays mailing list >> [email protected] <mailto:[email protected]> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays> >> > _______________________________________________ > tor-relays mailing list > [email protected] <mailto:[email protected]> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
