[tor-bugs] #12109 [Tor]: malicious relay suspect
#12109: malicious relay suspect
------------------------------+----------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor | Version: Tor: 0.2.4.22
Keywords: Tor bad activity | Actual Points:
Parent ID: | Points:
------------------------------+----------------------------------
Possible malicious relay using the Heartbleed exploit. Or a false positive
ID flag. Or a user with no Heartbleed patch installed. I am a non-exit
relay.
LOG from the IDS-built-in (Norton):
23/5/2014 05:59:57 pm,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, ,
,"109.201.138.201, 57244"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 57244",,
23/5/2014 05:59:57 pm,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, ,
,"109.201.138.201, 57244"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 57244",,
23/5/2014 04:59:59 pm,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, ,
,"109.201.138.201, 52269"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 52269",,
23/5/2014 04:59:59 pm,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, ,
,"109.201.138.201, 52269"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 52269",,
23/5/2014 06:00:00 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, ,
,"109.201.138.201, 53919"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 53919",,
23/5/2014 06:00:00 am,Info,Intrusion Prevention Signature Auto Block has
blocked IP: 109.201.138.201 for a period of: 30 minutes,Detected, ,,No
23/5/2014 06:00:00 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, ,
,"109.201.138.201, 53919"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 53919",,
23/5/2014 05:00:01 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, ,
,"109.201.138.201, 48941"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 48941",,
23/5/2014 05:00:01 am,Info,Intrusion Prevention Signature Auto Block has
blocked IP: 109.201.138.201 for a period of: 30 minutes,Detected, ,,No
23/5/2014 05:00:01 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, ,
,"109.201.138.201, 48941"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 48941",,
23/5/2014 04:00:01 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, ,
,"109.201.138.201, 43936"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 43936",,
23/5/2014 04:00:01 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, ,
,"109.201.138.201, 43936"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 43936",,
23/5/2014 03:00:01 am,High,An intrusion attempt by 109.201.138.201 was
blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, ,
,"109.201.138.201, 38913"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP,
Port 38913",,
<etc>
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12109>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
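
Added example (not part of the ticket and not Tor Project code): a Python script that collapses the paired signature rows in the log above into one entry per source port and measures the time between connections from the same address, a cadence a responder would want in hand before weighing the explanations the reporter lists. The records are copied from the ticket with the e-mail line wraps rejoined; the column positions and the day/month date order are assumptions read off those records.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Records copied from the ticket's log with the e-mail line wraps rejoined
# (the spacing at each rejoined wrap is an assumption).
SAMPLE = '''\
23/5/2014 06:00:00 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, , ,"109.201.138.201, 53919"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 53919",,
23/5/2014 06:00:00 am,Info,Intrusion Prevention Signature Auto Block has blocked IP: 109.201.138.201 for a period of: 30 minutes,Detected, ,,No
23/5/2014 06:00:00 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, , ,"109.201.138.201, 53919"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 53919",,
23/5/2014 05:00:01 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, , ,"109.201.138.201, 48941"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 48941",,
23/5/2014 05:00:01 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, , ,"109.201.138.201, 48941"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 48941",,
23/5/2014 04:00:01 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, , ,"109.201.138.201, 43936"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 43936",,
23/5/2014 04:00:01 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160 3, , ,"109.201.138.201, 43936"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 43936",,
23/5/2014 03:00:01 am,High,An intrusion attempt by 109.201.138.201 was blocked.,Blocked, ,Attack: OpenSSL Heartbleed CVE-2014-0160, , ,"109.201.138.201, 38913"," (xxx.xxx.xxx.xxx, 443)",109.201.138.201,"TCP, Port 38913",,
'''

def parse_ts(text):
    """Parse '23/5/2014 06:00:00 am' (day/month order is an assumption)."""
    stamp, ampm = text.rsplit(" ", 1)
    t = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")
    return t.replace(hour=t.hour % 12 + (12 if ampm.lower() == "pm" else 0))

def connections(text):
    """Collapse alert rows into one entry per (source IP, source port)."""
    conns = {}
    for row in csv.reader(text.splitlines()):
        if len(row) < 9 or row[1] != "High":
            continue  # skips the Info "Auto Block" rows
        ip, port = (part.strip() for part in row[8].split(","))
        first = parse_ts(row[0])
        entry = conns.setdefault((ip, int(port)), {"first": first, "alerts": 0})
        entry["first"] = min(entry["first"], first)
        entry["alerts"] += 1
    return conns

def gaps_by_source(conns):
    """Seconds between consecutive connections, per source IP."""
    seen = defaultdict(list)
    for (ip, _port), entry in conns.items():
        seen[ip].append(entry["first"])
    return {ip: [int((b - a).total_seconds()) for a, b in zip(sorted(ts), sorted(ts)[1:])]
            for ip, ts in seen.items()}

if __name__ == "__main__":
    conns = connections(SAMPLE)
    for (ip, port), entry in sorted(conns.items(), key=lambda kv: kv[1]["first"]):
        print(entry["first"], ip, port, "alert rows:", entry["alerts"])
    print(gaps_by_source(conns))
```

On these records the eight rows reduce to four connections, with gaps of 3600, 3600 and 3599 seconds between them.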