[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] How does CERT-FI know my SOCKS4 port?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] How does CERT-FI know my SOCKS4 port?
From: Logforme <m7527@xxxxxx>
Date: Wed, 10 Jul 2013 17:04:12 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 10 Jul 2013 12:06:01 -0400
In-reply-to: <51DD6838.1080700@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <51DD6838.1080700@xxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

I assume the ISP did a port scan. Do you have port 9050 open in yourfirewall?


On 2013-07-10 15:57, Steve Snyder wrote:

My ISP recently sent to me a CERT-FI auto-report on malware-infectedservers in my ISP's address space. I was send this report because myIP address was among those flagged. My entry looks like this:
51765|aa.bbb.ccc.dd|2013-07-08 02:39:23+0000|||Proxy|743230|Datasource: C, Type: SOCKS4 (9050)
I am wondering how CERT-FI knows about this port. This is a snippetof my relay config:
OutboundBindAddress aa.bbb.ccc.dd
ORPort [aa.bbb.ccc.dd]:443
DirPort [aa.bbb.ccc.dd]:80
SocksPort [127.0.0.1]:9050
Given that my SOCKS port is bound to localhost, how does CERT-FI knowabout it?
(For more info on the auto-reporter, go tohttps://www.cert.fi/en/autoreporter/autoreporter.html and log into itwith this username/password: auto/reporter)
Thanks.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] How does CERT-FI know my SOCKS4 port?
  - From: mick

References:
- [tor-relays] How does CERT-FI know my SOCKS4 port?
  - From: Steve Snyder

Prev by Author: Re: [tor-relays] relay uptime
Next by Author: [tor-relays] Yet another underpowered relay?
Previous by thread: [tor-relays] How does CERT-FI know my SOCKS4 port?
Next by thread: Re: [tor-relays] How does CERT-FI know my SOCKS4 port?
Index(es):
- Author
- Thread