Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Inbound traffic from Tor exit nodes can be common, because Tor provides anonymity to both legitimate users browsing the internet and attackers performing reconnaissance scans or brute force attacks. Blocking inbound traffic from a potentially long list of Tor exit nodes can be difficult. However, Tor-based traffic can enable attackers to hide malicious activity on the network.
Kill Chain
Risk Score
60
N/A
Block suspicious inbound Tor traffic at the network perimeter
Restrict or rate limit the number of requests the server will resolve for a given client to reduce the number of incoming connections from Tor exit nodes
Implement network segmentation, security zones, and firewall policies that limit how devices can communicate
