Re: exit counts by port number over 61 days
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: exit counts by port number over 61 days
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Wed, 15 Apr 2009 15:00:55 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 15 Apr 2009 18:01:02 -0400
- In-reply-to: <200904141740.n3EHeYqq003149@xxxxxxxxxxxxx>
- References: <200904141740.n3EHeYqq003149@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Scott Bennett wrote:
(snip)
>>> 2) Why are there so many exits to the standard socks port? It
>>> seems kind of strange to go all the way through the tor network
>>> fully encrypted, only to exit in the clear to a port somewhere
>>> else for re-encryption. Similarly, what about pptp?
>> There are Trojans opening backdoors on that port.
>>
>> http://isc.sans.org/port.html?port=1080
>
> Hmm...very interesting. Maybe I should close that one.
(snip)
Although it's a long shot, another possibility is that someone is
chaining one or more additional, non-Tor open proxies onto the end of
their proxy chain.
They may do this if they want to hide that their proxy is backed by the
Tor network from a destination admin, for example - or if Tor is
blocked, and they know of a one-hop proxy that isn't.
There are plenty of other ports to do this on, though - many of them far
more common than 1080 (and SOCKS) nowadays.
- --
F. Fox
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----