Datto Partner Portal: Tor node blocking with Datto Threat Intelligence

Follow

Topic

This article describes how the Datto Partner Portal blocks traffic from known Tor nodes and blacklists their IP addresses.

Environment

  • Datto Partner Portal

Description

What are Tor nodes?

Tor Nodes are servers that pass traffic anonymously from the Tor Network (commonly known as the Dark Web).  Each Tor node works as part of a Tor circuit which uses a series of these nodes to hide the origin IP of traffic over the Tor Network. Traffic passed through the Tor network can contain malicious or illegal information. 

How does the Datto Partner Portal block inbound traffic from Tor nodes?

  • Although the origin IP address for Tor traffic is not known, The IP address of the exit relay—the node on the Tor circuit from which the traffic passes outward—is visible.
  • Internet security companies compile and maintain lists of known Tor exit relay IP addresses, often updated by the minute.
  • Datto Threat Intelligence scans a database of these lists every 30 minutes and automatically blacklists IP addresses appearing on these lists. 

How can I see the number of blocked Tor nodes?

Datto Threat Intelligence is always enabled. You can see the number of blocked Tor nodes on the Organization Settings page of the Partner Portal, at the top of the Blacklisted IPs card. 

mceclip1.pngFigure 1: Organization Settings: the Blacklisted IPs card (click to enlarge)

Additional Resources


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.