[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: both my servers crashed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 24 Apr 2005, Ron Davis wrote:
> Date: Sun, 24 Apr 2005 13:08:59 +0200
> From: Ron Davis <ron_davis@xxxxxxxx>
> Reply-To: or-talk@xxxxxxxxxxxxx
> To: Or-Talk <or-talk@xxxxxxxxxxxxx>
> Subject: Re: both my servers crashed
>
> On Sat, 23 Apr 2005 10:25:27 -0400, "Roger Dingledine" <arma@xxxxxxx>
> said:
>
> > > After the first Windows error message, I rebooted and found the
> > > installer exe of the backdoor program FTPCentre.13.A on my system (
> > > http://www.megasecurity.org/trojans/f/ftpcenter/Ftpcenter1.3.html ).
> > >
> > > I suspect that the instability of the system somehow opened it to an
> > > intruder.
> >
> > Hm, this is disturbing. My first thought is that this is related to the
> > insecurity of your Windows and nothing to do with Tor. Do you have any
> > reason to believe otherwise?
>
> On second thought, I suspect that the intruder may have entered the
> system via Tor. My system is behind a hardware firewall, which has ports
> 9001 and 9050 forwarded only. All other ports are closed for incoming
> traffic. While the intrusion happened, a software firewall and a virus
> guard were running on the pc. Tor is the only application that listens
> on 9001 and 9050. The firewall and guard both have update checkers that
> use port 80 outgoing. No other applications were running. Is it likely
> that un unstable Win OS starts listening on ports 9001 or 9050?
Hi-
It would be helpful to know where on your system you found the binary...
- --Quentin
Quentin Smith - http://www.comclub.org/~quentins/about
ComClub International - http://www.comclub.org/
quentins@xxxxxxxxxxx
qesmith@xxxxxxxxxxxx
As we enjoy great advantages from inventions of others, we should be
glad of an opportunity to serve others by any invention of ours; and
this we should do freely and generously.
- - Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFCa7eQ1ePQTjeBqRARAjV7AJ0TXNwYi+SgUrzcV5UvR2uRX55vmACfZcsc
Zynv7cZLqa/NbB6R+BkVOfY=
=jNoX
-----END PGP SIGNATURE-----