Monitor Tor (Dark Web) & Other Suspicious Traffic

Identify users and applications that are accessing suspicious IP addresses.

Know the Dangers of Dark Web and Suspicious Traffic

While not necessarily shady, most Dark Web traffic is illicit. There are some legitimate privacy uses of Tor but it’s also an interchange for drugs, weapons, child pornography and worse. Most organizations don’t want their network connecting to the Dark Web.

Identify Security Risks

Network Traffic Analysis (NTA) or Flow Monitoring can identify traffic to known Dark Web entry and/or exit nodes. It can also identify traffic to specified suspicious IP lists. The scale, frequency and source of that traffic can let you identify what users or applications are accessing suspicious sites and when.

Lock Out Threats

Set up your own list of suspicious IP addresses. Get alerted when users or applications on your network attempt to access them or the Dark Web and respond immediately. You can either monitor this usage or terminate access automatically.

What is the Dark Web?

Any content you can find on the internet using a search engine is part of the Surface Web — think Wikipedia entries, company websites and e-commerce sites. Anything that isn't part of this indexed content, such as password-protected pages, content behind paywalls and company intranets, comprises the Deep Web, which makes up approximately 90 percent of the internet. The term is often used interchangeably with Dark Web, but this is inaccurate; sites in the Dark are those that aren't visible via search engine and can't be found using a regular browser.

Read more from "The Dark Web: What Lies Beyond The Light?"

What’s on the Dark Web?

The Dark Web does a brisk trade in things both legal and illicit. It's also largely recession-proof; despite multiple law enforcement busts over the last few years, the illegal drug trade in the Dark Web sees more than $100 million moved per year, according to WIRED. Weapons, ammunition and pornography are all popular market verticals, but that's just the beginning. It's also a haven for hacktivists who prefer to remain anonymous because of social pressure or government restrictions. Put simply? If you want it, you can find it in the dark.

80%
of the traffic on the dark web or through the Tor network may be illicit.

 

Identify and prevent trade in stolen credit card numbers and bank login information.

 

Limit access to identity thieves within and without your network.

 

Eliminate catastrophic business risks like child pornography and stolen data.

 

Pinpoint applications that are exposing your organization to illicit activities.

Did You Know?

The Dark Web isn’t the only potentially dangerous part of the internet – there’s a bewildering variety of suspicious IP addresses that no organization wants their users accessing. Multiple sites maintain frequently-updated lists of suspicious IP addresses that are known for illicit or malicious content. Integrate these lists into your traffic analysis to identify risks to your organization. Remember: no one wants to deal with the catastrophic legal issues raised by their network being used to traffic in child pornography.

Terms to know

  • Deep Web: the part of the World Wide Web that is not discoverable by means of standard search engines, including password-protected or dynamic pages and encrypted networks.
  • Dark Web: the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.
  • Tor: free and open-source software for enabling anonymous communication.
  • I2P: the Invisible Internet Project (I2P) is an anonymous network layer (implemented as a Mix Network) that allows for censorship-resistant, peer to peer communication.

Related content

 

Learn More About
Suspicious Traffic Monitoring