[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: exit counts by port number over 61 days

     On Wed, 15 Apr 2009 15:00:55 -0700 "F. Fox" <kitsune.or@xxxxxxxxx>
>Scott Bennett wrote:
>>>> 	2) Why are there so many exits to the standard socks port?  It
>>>> 	seems kind of strange to go all the way through the tor network
>>>> 	fully encrypted, only to exit in the clear to a port somewhere
>>>> 	else for re-encryption.  Similarly, what about pptp?
>>> There are Trojans opening backdoors on that port.
>>> http://isc.sans.org/port.html?port=1080
>>      Hmm...very interesting.  Maybe I should close that one.
>Although it's a longshot, another possibility is that someone is
>chaining one or more additional, non-Tor open proxies onto the end of
>their proxy chain.
>They may do this if they want to hide that their proxy is backed by the
>Tor network from a destination admin, for example - or if Tor is
>blocked, and they know of a one-hop proxy that isn't.

     Okay, thanks for that.
>There are plenty of other ports to do this on, though - many of them far
>more common than 1080 (and SOCKS) nowadays.
     Right.  I think I'll hold off a bit longer to see what other comments
people may make here before I close that port.
     BTW, I am still very interested in reading any comments people may have
regarding patterns or anything else they notice in the exit counts that I
posted here.  I looked for the most obvious stuff, but there may be other
weirder stuff going on involving port numbers that had fewer, yet still
significant numbers of, exits.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *