G+_cr pol Posted June 28, 2017
Is there a way to block Onion protocols with an enterprise firewall or router?
G+_Carlton Dodd Posted June 28, 2017
I'm not a network guy, but I don't think so. I'm pretty sure that the protocol is implemented on the computer, and the firewall just sees regular (encrypted) packets. That's kind of the point of onion routing.
G+_Ben Reese Posted June 28, 2017
I'd say yes. From the limited stuff I've tried (I'd rather not get fired for suspected hacking), the company I'm at blocks outbound OpenVPN connections. That seems impossible to me since OpenVPN uses OpenSSL and HTTPS websites on the same server are accessible.... Sorry.... Yes, I think if an enterprise firewall can block OpenVPN, it can probably also block TOR. I haven't had a strong desire to test though.
G+_Black Merc Posted June 28, 2017
Ben Reese there must be something in the tor packets that the firewall can 'lock on to' (deep packet sniffing) and say 'no'.
G+_Carlton Dodd Posted June 28, 2017
How do you deep packet sniff an https packet, unless you're spoofing the encryption (which can be done on the firewall, but is shady)?
G+_Black Merc Posted June 28, 2017
Carlton Dodd there has to be a flag of a sort for the server to know exactly what to do with the packet.... The firewall is picking up on it.
G+_Carlton Dodd Posted June 29, 2017
Black Merc Shouldn't it just be an IP address? The payload should be encrypted. You could catalog all the entry/exit points for TOR network, but those change all the time.
G+_Black Merc Posted June 29, 2017
Carlton Dodd there are many other things packed in a packet besides the payload. Do a quick Google image search for 'network packet anatomy'. You will find many things that go along with your encrypted data... Including, source ip, ttl, protocol, total length of packet, checksum, packet number, ip version and flags. Any or all of these can help a firewall determine if the packet should pass.
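An illustration of the header fields named in the post above and of the address-list idea raised earlier in the thread, added here and not written by any of the posters: it reads the cleartext IPv4 header of a constructed packet and makes a pass/drop decision without touching the payload. The blocklist entry, the sample packets and all function names are constructed for the example.

```python
import ipaddress
import struct

# Constructed placeholder blocklist (RFC 5737 documentation address, not a real relay).
BLOCKED_RELAYS = {ipaddress.ip_address("203.0.113.7")}

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Return the cleartext IPv4 header fields; the payload is never inspected."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, length, ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4, "total_length": length, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000), "ttl": ttl, "protocol": proto,
        "checksum_ok": checksum(packet[:ihl]) == 0,  # valid header sums to zero
        "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
    }

def verdict(packet: bytes) -> str:
    """Header-only decision: drop malformed packets and listed destinations."""
    try:
        hdr = parse_ipv4(packet)
    except ValueError:
        return "drop"
    if not hdr["checksum_ok"] or hdr["dst"] in BLOCKED_RELAYS:
        return "drop"
    return "pass"

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed sample packet (protocol 6 = TCP, DF set, TTL 64)."""
    fields = [0x45, 0, 20 + len(payload), 0x1C46, 0x4000, 64, 6, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload
```

The decision depends only on the 20 header bytes, so it is the same whether the payload is encrypted or not; a list-based rule like this is only as current as the address list behind it.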