
Re: both my servers crashed


On Sun, 24 Apr 2005, Ron Davis wrote:

> Date: Sun, 24 Apr 2005 13:08:59 +0200
> From: Ron Davis <ron_davis@xxxxxxxx>
> Reply-To: or-talk@xxxxxxxxxxxxx
> To: Or-Talk <or-talk@xxxxxxxxxxxxx>
> Subject: Re: both my servers crashed
> On Sat, 23 Apr 2005 10:25:27 -0400, "Roger Dingledine" <arma@xxxxxxx>
> said:
> > > After the first Windows error message, I rebooted and found the
> > > installer exe of the backdoor program FTPCentre.13.A on my system (
> > > http://www.megasecurity.org/trojans/f/ftpcenter/Ftpcenter1.3.html ). 
> > > 
> > > I suspect that the instability of the system somehow opened it to an
> > > intruder.
> > 
> > Hm, this is disturbing. My first thought is that this is related to the
> > insecurity of your Windows and nothing to do with Tor. Do you have any
> > reason to believe otherwise?
> On second thought, I suspect that the intruder may have entered the
> system via Tor. My system is behind a hardware firewall, which has ports
> 9001 and 9050 forwarded only. All other ports are closed for incoming
> traffic. While the intrusion happened, a software firewall and a virus
> guard were running on the pc. Tor is the only application that listens
> on 9001 and 9050. The firewall and guard both have update checkers that
> use port 80 outgoing. No other applications were running. Is it likely
> that an unstable Win OS starts listening on ports 9001 or 9050?


It would be helpful to know where on your system you found the binary... 

--Quentin

Quentin Smith - http://www.comclub.org/~quentins/about
ComClub International - http://www.comclub.org/

As we enjoy great advantages from inventions of others, we should be
glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously.
- Benjamin Franklin
