
Re: both my servers crashed



On Sat, 23 Apr 2005 10:25:27 -0400, "Roger Dingledine" <arma@xxxxxxx>
said:

> > After the first Windows error message, I rebooted and found the
> > installer exe of the backdoor program FTPCentre.13.A on my system (
> > http://www.megasecurity.org/trojans/f/ftpcenter/Ftpcenter1.3.html ). 
> > 
> > I suspect that the instability of the system somehow opened it to an
> > intruder.
> 
> Hm, this is disturbing. My first thought is that this is related to the
> insecurity of your Windows and nothing to do with Tor. Do you have any
> reason to believe otherwise?

On second thought, I suspect that the intruder may have entered the
system via Tor. My system is behind a hardware firewall, which has ports
9001 and 9050 forwarded only. All other ports are closed for incoming
traffic. While the intrusion happened, a software firewall and a virus
guard were running on the PC. Tor is the only application that listens
on 9001 and 9050. The firewall and guard both have update checkers that
use port 80 outgoing. No other applications were running. Is it likely
that an unstable Win OS starts listening on ports 9001 or 9050?

OTOH, the virus guard didn't intercept the intrusion. Maybe it wasn't
functioning anymore because of the unstable OS? Will an unstable OS open
ports? I'm just thinking out loud now.

Cheers,
Ron
-- 
  Ron Davis
  ron_davis@xxxxxxxx
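
Added example, not part of the original message: a Python check of which process owns the listeners on the two ports forwarded through the hardware firewall (9001 and 9050), working from `netstat -ano` output. The sample output, the PIDs and the function names are constructed for illustration.

```python
# Added example (not from the original post). Parses `netstat -ano` output and
# checks which PID owns each port forwarded through the hardware firewall.

# Constructed sample output; PIDs and addresses are made up for illustration.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:9001           0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:9050         0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:9050           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED     1500
  UDP    0.0.0.0:445            *:*                                    4
"""

def parse_listeners(text):
    """Return (local_ip, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:9001
        listeners.append((ip, int(port), int(fields[4])))
    return listeners

def audit_forwarded_ports(text, forwarded_ports, expected_pid):
    """Flag forwarded ports with no listener, a loopback-only listener,
    or a listener owned by a PID other than the expected one."""
    findings = []
    listeners = parse_listeners(text)
    for port in sorted(forwarded_ports):
        owners = [(ip, pid) for ip, p, pid in listeners if p == port]
        if not owners:
            findings.append((port, "no listener"))
        for ip, pid in owners:
            if pid != expected_pid:
                findings.append((port, f"unexpected pid {pid} on {ip}"))
            elif ip in ("127.0.0.1", "[::1]"):
                findings.append((port, "loopback only, not reachable via forward"))
    return findings

if __name__ == "__main__":
    # 2312 stands in for the PID of the expected listener in the sample.
    for port, issue in audit_forwarded_ports(SAMPLE_NETSTAT, {9001, 9050}, 2312):
        print(port, issue)
```

The expected PID would be read from the process list on the machine being checked; a forwarded port owned by any other PID is the case worth investigating first.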