I recently had to work with local and federal law enforcement to resolve the following.
Because of this, I've created a small piece of software (MIT Licensed) that caches the ip addresses of Tor exit nodes, and creates configuration files for different services (PaloAlto, Apache, Nginx, Iptables) in order to block Tor.
Toro was built with the Go programming language, so consuming the Tor exit node ip addresses, updating the local database, and serving the configuration files over http all happen within a single process served by a single binary.
I realize that a truly motivated attacker won't be stopped by this but I think it will help weed out certain types of offenders and potentially lead to less wasted resources for certain threat models.
Feel free to ask questions.
It looks like the EDL for Palo Alto Networks currently available at:
It would also look like the 1440 value in the URL is a value for 'last-n-minutes'. What does this refer to? Would an user benefit in any way by modifying this default value?
> It would also look like the 1440 value in the URL is a value for 'last-n-minutes'. What does this refer to?
In plain english.
"Give me all the exit node IP addresses that were part of the network in the last day (1440 minutes)."
> Would an user benefit in any way by modifying this default value?
If you only want the freshest data then append https://toro.threathound.com/paloalto/minutes/15 minutes.
If you are paranoid and do not want any known associated node in the last year, append https://toro.threathound.com/paloalto/minutes/15 minutes.
The default of 1440 is simply the last day and seemed reasonable.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!