The TOR client creates its own self-signed SSL certificate using a random common name (domain name) that changes after approximately every 30 minutes.Īfter going around and around with this scenario without success, I decided to try and block access to the TOR exit nodes from our network. Once the initial connection is made, the traffic primarily uses TCP/443 (HTTPS/SSL/TLS) with the traffic payload being encrypted. In a nutshell, from my packet captures with Wireshark, tcpdump, and other programs, initially connects via TCP port 9001, then tries TCP port 9090, then starts “port hopping” (jumping from TCP port to port) to make an initial connection with a TOR exit node. I am a network administrator and have been tasked with making sure that our network is in compliance with our school district’s AUP’s, CIPA, etc. This How-To is not about what is right and what is wrong about content filtering and censorship. In order to be in compliance with CIPA and other regulations we have Internet monitoring, traffic shaping and content filters in place. We have in place AUP’s (Acceptable Use Policies) that outline what is acceptable, what is not and the consequences that may occur for violation of these policies. With the “sugar” comes a bit of “vinegar”, our Internet usage must comply with CIPA (Child Internet Protection Act) and several other regulatory guidelines or we risk losing the federal subsidized funding for our Internet access and transit.
I am employed by a K-12 educational school district located in Texas and our Internet access (including transit charges) are subsidized via the E-Rate program. First for some background on our situation and the usage of TOR:
0 kommentar(er)
