Tor Detection
This page provides information on the Tor Detection in Netify's Network Intelligence Engine. To learn more about our full suite of intelligence drivers, see our intelligence capabilities page.
Risk Overview
Much like consumer VPN services, Tor protects privacy and makes it possible to prevent unwanted third-party tracking of Internet activity. However, for businesses and other environments, Tor can pose a threat to security, compliance, and network access control.
Indicator Drivers
Tor Bridge Driver
The Tor Bridge indicator driver is triggered when a connection to a remote Tor bridge node is detected. A Tor bridge is essentially a hidden entry point to the Tor network.
- Tag
- tor_bridge
- Score
- Critical Risk - 85
- Version
- 1.2.0
Tor Exit Driver
The Tor Exit indicator is triggered when a connection to or from a Tor exit node is detected. A Tor exit node is the final relay in a Tor circuit. While entry and middle nodes pass encrypted traffic within the Tor network, the exit node is the off-ramp where data is decrypted and sent out to the open internet.
- Tag
- tor_exit
- Score
- High Risk - 70
- Version
- 1.2.0
Tor Relay Driver
The Tor Relay indicator driver is triggered when a connection to a remote Tor relay node is detected. A Tor relay is one of the primary entry points to the Tor network. This driver uses IP feeds as well as DGA, TLS and other heuristics to detect Tor traffic.
- Tag
- tor_relay
- Score
- High Risk - 70
- Version
- 1.2.0