
Re: both my servers crashed



On Sun, Apr 24, 2005 at 01:08:59PM +0200, Ron Davis wrote:
> On second thought, I suspect that the intruder may have entered the
> system via Tor. My system is behind a hardware firewall, which has ports
> 9001 and 9050 forwarded only. All other ports are closed for incoming
> traffic. While the intrusion happened, a software firewall and a virus
> guard were running on the pc. Tor is the only application that listens
> on 9001 and 9050. The firewall and guard both have update checkers that
> use port 80 outgoing. No other applications were running. Is it likely
> that an unstable Win OS starts listening on ports 9001 or 9050?
> 
> OTOH, the virus guard didn't intercept the intrusion. Maybe it wasn't
> functioning anymore because of the instable OS? Will an unstable OS open
> ports? I'm just thinking out loud now.

Could you check the date (created, accessed, modified etc) on the unwanted 
binaries and compare it with your tor log?
Any general system logs available?
What was installed, except the known software?
Was your AV up to date?

/Thomas
-- 
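
The timestamp comparison suggested above, as an added example that is not part of the original message: it reads the modified/accessed/created times of a suspect file and lists log entries that fall within a few minutes of any of them. The log lines are constructed samples, the "Mon DD HH:MM:SS.mmm" prefix is an assumed log timestamp layout, and the function names are hypothetical; file times can be changed by an intruder or by an AV scan, so a match is a lead, not proof.

```python
import os
from datetime import datetime, timedelta

# Constructed sample lines; the timestamp prefix layout is an assumption
# and carries no year, so the caller supplies one.
SAMPLE_TOR_LOG = """\
Apr 24 02:10:05.120 [notice] constructed sample entry: log opened
Apr 24 03:41:17.500 [warn] constructed sample entry A
Apr 24 03:44:02.010 [notice] constructed sample entry B
   continuation text without a timestamp
Apr 24 09:00:00.000 [notice] constructed sample entry C
"""

def parse_tor_log(text, year):
    """Return [(datetime, line)] for lines that start with a timestamp."""
    entries = []
    for line in text.splitlines():
        try:
            ts = datetime.strptime(f"{year} {line[:19]}", "%Y %b %d %H:%M:%S.%f")
        except ValueError:
            continue  # malformed or continuation line: skip, do not guess
        entries.append((ts, line))
    return entries

def file_times(path):
    """Local-time timestamps of one file, as the OS reports them."""
    st = os.stat(path)
    return {
        "modified": datetime.fromtimestamp(st.st_mtime),
        "accessed": datetime.fromtimestamp(st.st_atime),
        # st_ctime is creation time on Windows, inode-change time on Unix
        "created_or_changed": datetime.fromtimestamp(st.st_ctime),
    }

def correlate(times, entries, window=timedelta(minutes=5)):
    """Return [(kind, file_time, log_line)] for log entries near a file time."""
    hits = []
    for kind, ft in times.items():
        for ts, line in entries:
            if abs(ts - ft) <= window:
                hits.append((kind, ft, line))
    return hits

if __name__ == "__main__":
    entries = parse_tor_log(SAMPLE_TOR_LOG, 2005)
    # Constructed stand-in for file_times(r"<path to unwanted binary>")
    suspect = {"modified": datetime(2005, 4, 24, 3, 42, 0)}
    for kind, ft, line in correlate(suspect, entries):
        print(f"{kind} {ft} ~ {line}")
```

Both clocks must be in the same timezone for the window to mean anything; file_times() returns local time.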
