Blocking Tor Browser in Cisco ASA 5505

31/08/2015

There has been a huge explosion of the Dark Web, as well as of people surfing the Deep Web for information. This always makes admins wonder: "How can I block Tor from my network?" Well, if you have a Cisco firewall, read on and block that Tor browser once and for all.

Prerequisites: a Botnet Traffic Filter licence for the ASA. For more information: Botnet ASA license

Example configuration:

(config)# dns domain-lookup outside
(config)# dns server-group DefaultDNSServers
(config)# name-server
(config)# name-server
(config)# domain-name pc.local
(config)# dynamic-filter updater-client enable
(config)# dynamic-filter use-database
(config)# access-list dynamic-filter_acl extended permit ip any any
(config)# dynamic-filter enable interface outside classify-list dynamic-filter_acl
(config)# class dynamic-filter_snoop_class
(config-cmap)# match port udp eq domain
(config-cmap)# exit
(config)# policy-map dynamic-filter_snoop_policy
(config-pmap)# class dynamic-filter_snoop_class
(config-pmap-c)# inspect dns dynamic-filter-snoop
(config-pmap-c)# exit
(config-pmap)# exit
(config)# service-policy dynamic-filter_snoop_policy interface outside

Copy the list of IPs from:

Download my Excel file and paste those IPs into cell A5.
Remove duplicate entries by selecting column A, then clicking the Data menu and the Remove Duplicates button.
Copy all IPs from column A and paste them into ASDM/Botnet Traffic Filter/Black and White Lists.
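The spreadsheet dedupe-and-paste step above can be scripted so it is repeatable as the exit-node list changes. As an added example, not code from the original post, this Python script takes a saved exit-node list (a constructed sample is embedded inline), drops duplicates, comments and malformed entries, and prints host entries in the form the ASA's dynamic-filter blacklist submode accepts (the `address <ip> <mask>` syntax is assumed from Cisco's documentation), ready to paste into the CLI or ASDM.

```python
import ipaddress

# Constructed sample of a downloaded exit-node list, with the duplicates,
# comments, blank lines and a malformed entry such lists typically contain.
SAMPLE_LIST = """\
# ExitNode list (constructed sample)
198.51.100.7
203.0.113.45
198.51.100.7
192.0.2.100
not-an-ip
203.0.113.45

"""


def parse_ips(text):
    """Return a sorted, de-duplicated list of valid IPv4 addresses."""
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            seen.add(ipaddress.IPv4Address(line))
        except ipaddress.AddressValueError:
            continue  # skip anything that is not a plain IPv4 address
    return [str(ip) for ip in sorted(seen)]


def asa_blacklist(ips):
    """Render host addresses as ASA 'dynamic-filter blacklist' entries."""
    lines = ["dynamic-filter blacklist"]
    for ip in ips:
        # One host per entry, so a /32 host mask.
        lines.append(f" address {ip} 255.255.255.255")
    return lines


if __name__ == "__main__":
    print("\n".join(asa_blacklist(parse_ips(SAMPLE_LIST))))
```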
