[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Tor relay marked "false positive" from NCSC-FI

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Tor relay marked "false positive" from NCSC-FI
From: tschador@xxxxxxxxx
Date: Wed, 2 Sep 2020 17:57:13 +0200
Autocrypt: addr=tschador@xxxxxxxxx; prefer-encrypt=mutual; keydata= mQSuBFIGeCkRDADxAG8OJFf3KpCnW6TgZUK4BIjlgQA5CHfgvqZ96Hfv7TA5DpBWWziNizXn BTt+rx6nyx8uJRMQXqVe0qEEXV2DTsAErt3kErhfdVB0SdfITNB+T4/VVEvJdhbEI63zxubg bdeV++L2Bo2PC1ZUfoSehHcjfOwWvovnrXqiDuzXRAXcebZk1vnJK2K8Bf0R2yQnjIplS18r BC8hil9haQB4xBKzHPKtaWtZfdIq8hIWLZPs8qWzCM3nME7BqJ75N6+cOx57MuOqUp65d1L9 y4VRq2aynTp/90MX/jbyR3/iMZ/P1kl6xl/HIM+VYMSXlXNsc98NOQPlhYo4MTzELXgA1Rbw c73ZppfApr2uYk+2UlREGcRj+Q+9UK9SPfYXbOs1c385P6W0FacwqiR8UrhyshWhukTPNT0c U6QIPRfx1UoLH4DWYRx2cG0M547LQV/bqnSMsmZcl4NP0XY4ALBr5r4RLbfQGxg4cK1jfBvB iIbbSUykL/mApsFprli7qxsBAN39bDCxviAjM3FaZO863RpnzDcGvXiZ4hKFsAGyVJI5DADo CgQoSgfOeo4Sujw/fdDxnNXLKHKaQbn8Y24xa2EooQzTlOiK4maURmfYz/25WYJnmfYXBBwh VFdxmgMdRlGSuXylqdk8VgThHiARJD48gTIM3O+ktxnKo2YSd6EysFsU+ThKIXs3tsuObrW1 GNidpuvIGRO1A8S2Bnm8E8cwBa+2h+dnX/41wSkyIU2gdjQjRrwD5bCd/AMwgLSWHdUGv6JZ NHAu7p1UddEU+zcOjz7cn1Qshq5E/FWuJLnGtu0q/0Z/SQLR9toofmBxoOzQXZX+1ny6awah Zf4cvKGIQbHzQ8DNnhgwkSvb2sc8ilnvqtfWBPM1hmFOX2famT/fPE5r/OGIvu7DWn+uQ/Bf IOxYlnVsbQTC1ugWu3ztHW+XigOurS/JGC/f16HSh3lV8jgfadSkm5sgXQ2gEp+C/wyDiI3E zRVDfIly5t2ejXH1vb4ruX4gmxULQDM7UG4Kyivl4xhCZ0Iyx2iHRKSAbum2FJO1gERGUEHO nJCcBLgL/08v1Ev9MsSRqa+RNjRDD0IJFvNOsToHueMHND6GbTID3GD9aTnIodbjSkSC3RR6 5E54vq65bIbJMQVJ1AKRiEppo1g2iJuli8Wm1TMAOc1hWcR21WJ14BNw4mrjEBrrUHVDbKzl Yy5TG7Qewdi8xIMKMdfy/tehqk+VLLY0T55tbAebUymjFYReN0LIPB3jzxPP0dos209aCeig vx0lCqPCKBAMy4U248XdMKvow36ETEbV5Vd1+eqtVJPVXfDZVk9u7hcjX/yAJLnR4l6l3j5y IRp07622ef/ZzZl9VDukm0u50bBIPlXjKeeXMJQz8+fEG0BclGYlITpX8epdkKOxmXOc89HQ XwOYTHY1ktzPxGvpilaU7nx9zKVESgyFkT7KmNO3/IFYIrErLDMt+We3gRCGb6kHhVE5IlME 0dz5Lv5ozpfWiJC+Qffvi1/rWeto/elF+5wdoMYb6eCutslWFQ4LKHZGovsMEebCwgppTStI l63ntXNVsVstrxB3/7QdVHNjaGFkb3IgPHRzY2hhZG9yQHBvc3Rlby5kZT6IegQTEQgAIgUC UgZ4KQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQun9lMhT+saSMOAD/VJKgVnd9 nsStp6TL78deD7kLhv7wbkUjZ2MbueXz++oBAJuIinXyLIMnD+wIas+GRFPqhEV34Ht0Fzmw 1Hc/gK7UuQQNBFIGeCkQEADcVPPWUnW/Tde7m7GtPwlzqX/lrutpFCp7yCrZgle7qhdfD9We wtPXmpNjgkga14XgQ8M5w9an+tdWCP5ACm7qvA0g6K16SpIrcIdz2Gje5uT0kme1+M3BZ8Kg 9mP2o0nxwdT6WqxoGHqf9LeKnI7xQmpqDSSmbBw3AVkCf4r4yIgtNAMylSn1Wjn+op9dyof9 SnMjXtYle5oEXRrGbQwW+P5VrAVmmfG7VaaH8FV4vfn3bwedKXx/EiD0UB25KrjP0OJ9pxYd ZyVMR7893IsjLikgVGDlIC2MorJThvZ4wUUlfCHBoVHmZlMHl6jV+v0SysYPx8W2oRpmlgzC 3679x3HEF995G6we6mFDLZutH0tk/T2sPR0+i3TegwfFyTXI0NlBUcFAYgfqsfNS0YoMMrQZ PdqoEGEY24vfVJLwh4yxMLMEDW2ey+slDrlbrjU4OUoEtx5Q3hWxKjrm0oV58U737UBbUQRQ ZQzrraLRbGcEsV8ziacZk3Pdf3umUUZDd2fKoXsaYAkTi5EcxqilF4jX72z3+i5BymQCKQpb qgx24IN6GG+5z6y6NcPmzLpjDKlmVE68OiQJWKyGDYQ1l5PPe82VNTvj+bqcVnVK4ZiOwosC 04GtYyrLkSNl+qafFw0KhE1f51w0iQMP/k3WEfbwM6eHbDpqA6zppQ341wADBQ//cn2t6sV8 E9EBATMDbDNHXvHv02NRBNjInnq1Yk7Y5eA4ZljYQB1bF6TXXoI8ooJ7SKZMzTjUo/pooogg Iusiz8c8ViPRLSfsR1PQ3IIQ1Fixf9KbFyNgKza+Hqo6psw2903MPqYHXz+Vbcbuf+/Mjgnc oW9UuNJsdTvGurDBdDgPPdV6Z0ZR5BvdUDHaYsnfusF6vuX/APwAeYsCZXzcB1aAc3UTe0Wu mbae+Q/s7y9Ex5qDBGUSGj1ydYYETbEOEYxwXmd6t1/QrqHxHtNt58jcPJEt5FTmohJsRank dk9bWwQ15HjhSz/pdalBMa5Vj8/VXtb3fpBGSxtPyaUrf/AZGTq7UZCDOb1dmiEJu5MyMJmC 9bQy3czh9EYZE0ONey6DO1Olr+Lcp88BjRYyaR0fQyerjy42o9LxDiItLCrzeCfskgcbw2pJ Mmbkaui0nuO8uXf1CGahuBw36OVJp/VUoLiS5AlrRrKIdxzR21n6dZLN+iWr3alNwZJqg05W M7a3RnZtnvoZrOtKiXHNAt+bTGP3Hh4LOzuJjR9pO+D3zzsi1Hf49uAxBwL4C7AfPXKmvK5G OggUPCq04slT50vUKoP3spqAmdkeraRf+wduU94hYVHZJ46wIyP4rKuzT8TILVpoBk6A2Vj2 toWlue5/nHFISiMU382ihrPi/ISIYQQYEQgACQUCUgZ4KQIbDAAKCRC6f2UyFP6xpJmBAP4g IFkPs0fIXZ/1iFqxvbiChfxb1a+ZElJyig9apu3I6QEAlf7QUH2NMyOGvLda4Qrgr5U55v2I 7aQAzRPNYR1DbmQ=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 Sep 2020 02:19:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1599062243; bh=viSHN7Xw4Gj841d/eHGI28+geytm6vd7us/42xyPTOw=; h=To:From:Autocrypt:Subject:Date:From; b=PaYSYPBEYdi7mLdcY16Jv269fctAVM+cKczpNL3iRB6iTPD6I4lYoEtdP8yw+J7mO x1bH1wHdmn5hLrU6WZHkiRyMcx7IrF9O9uNusX69pxUsLGtGfD4ctPdJ4xJP292kog 9gsbbVkSzVlbHuk82/+QqL8UMZnUngLFBJH7saG91iKX8z2WAZeHBiXTFWmWkgSkCD stLQlkq97PKGz213viEUuHnkOTNqegEYcUDzyxqKzwKiVy30/J1+z1/OadnbANcQre e/4dFcpdHmaQ2wqgQKiRfhi6d940cbLnhTTBM9Ecg0emWS20DufMb+dz6lUmxrdry2 iGm1AzxA9vqyQ==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

today my ISP received an abuse report from
ncsc-fi-autoreporter@xxxxxxxxxxx [1]:
---
The information below is presented in the following format:
ASN | IP | TIMESTAMP (UTC) | PTR/DNAME | CC | TYPE | CASE | INFO

24940|95.217.16.212|2020-09-01 07:27:48
+0000|95.217.16.212|DE|malweb|1130659|Datasource: b, Url:
hxxp://95.217.16.212/tor/server/fp/23ad6b165137d957c09aa0f7a3ee7b05cec4a8f2,
Http Request: GET, Additional Information: This host is most likely
serving a malware URL., Artifact Hash: 69b9e2721018f0ebaebf901d98d8c9b9
---
The ip belongs to my non-exit relay. [2] There is no action required for
me, but I wonder why they mark traffic on the dirport as 'malware'?

Regards

[1] https://www.traficom.fi/en/statistics/malware-detected-traficom
[2]
https://metrics.torproject.org/rs.html#details/6A7551EEE18F78A9813096E82BF84F740D32B911
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor relay marked "false positive" from NCSC-FI
  - From: Peter Gerber

Prev by Author: Re: [tor-relays] non-encrypted connections from Tor exit relays
Next by Author: Re: [tor-relays] Malicious Tor relays - post-analysis after two months
Next by thread: Re: [tor-relays] Tor relay marked "false positive" from NCSC-FI
Index(es):
- Author
- Thread