Hi Scott,
On 13.04.2009 at 19:00, Scott Bennett wrote:
1) Why is the nicname/whois port the most heavily used? In fact, why is it getting much use at all?
My guess: spammers and profilers, scanning for email addresses and other personal data.
2) Why are there so many exits to the standard socks port? It seems kind of strange to go all the way through the tor network fully encrypted, only to exit in the clear to a port somewhere else for re-encryption. Similarly, what about pptp?
There are Trojans opening backdoors on that port. http://isc.sans.org/port.html?port=1080
4) Who still uses RFS? Didn't that die out a *long* time ago? (The rfs port had 70 exits.)
I bet nobody. That's why there seems to be somebody using the port for something else.