
Re: shadowserver.org



On Mon, Jun 14, 2010 at 4:27 PM,  <alex-tor@xxxxxxxxxx> wrote:
> Last thing was that their honeypots recorded access of an IRC-Bot to a
> "Command & Control Server" from which it got orders to launch a
> DDoS attack. First, I wonder why this bot contacts their honeypots and
> gets new commands from them. And second, the exit policy of my node does
> not allow IRC.
>
> For me this makes no sense at all.
>

From my experience, shadowserver has a habit of being overzealous like
this. I've never dealt with them in the context of Tor, but I had an
experience trying to get them to remove a large, legitimate IRC
network from their blacklists a while ago (apparently, some wireless
providers use these blacklists to block traffic by IP). My impression
is that anything that they consider to be even peripherally related to
botnet or spam activity gets blacklisted and reported, without much
further investigation. I was told that they removed those servers from
their blacklists, but as of now (many months later), they are still
listed.

Many ISPs are willing to simply ignore automated and often-incorrect
abuse reports like these.

 - John
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/