Sonicwall Signatures

Application: Tor

Tor (The Onion Router) is an anonymous proxy access for web browsing. Data packets on the Tor network take a random pathway through several servers; the client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through. It is a free application that attempts to make a user's web traffic more anonymous by bouncing that traffic within a dedicated network of relays, in an effort to mask both the traffic's actual destination and the user's actual location. The client negotiates a separate set of encryption keys for each hop on a packet's path. Tor also has bridge modes used to bypass firewall controls using network protocol obfuscation techniques. Enable Encrypted Key Exchange application signature for TCP to block the random key exchange modes like obfs3. Also, enable DPI-SSL Client Inspection to block the cloud service tunnels like meek-amazon, meek-azure, meek-google, etc.