[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: tor trying to pop mail from random IPs on win32



Thus spake Tor question (torquestion@xxxxxxxxx):

> Is there a reason why tor would try and POP mail from random IPs
> while running in Windows?  I have a log from AVG Antivirus that
> shows tor is trying to POP mail.  The process number is tor's
> process id number at the time that it happens.  Also, I do not have
> any mail client installed on that machine that might be trying to
> POP mail

> 
> -------
> 19.7.2006 13:52:48.010 [360] AutoPOP3(10110): Connection from process 3792
> 19.7.2006 13:52:48.010 [360] AutoPOP3(10110): Connection from 127.0.0.1:1833
> 19.7.2006 13:52:48.010 [360] AutoPOP3(10110): Will connect to 218.46.74.116:110
> 19.7.2006 13:52:48.010 [b28] AutoPOP3(10110): Client connected
> 19.7.2006 13:52:48.010 [b28] OpenInternet = 0
> 19.7.2006 13:52:48.010 [b28] AddTrayIcon()
> 19.7.2006 13:53:09.025 [b28] AutoPOP3(10110): Cannot connect to EATcf-494p116.ppp15.odn.ne.jp:110
> 19.7.2006 13:53:09.041 [b28] AutoPOP3(10110): Connect: A socket operation was attempted to an unreachable host. (10065)
> 19.7.2006 13:53:09.041 [b28] AutoPOP3(10110): PROXY:S:-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!
> 19.7.2006 13:53:09.041 [b28] CloseInternet = 1
> 19.7.2006 13:53:09.041 [b28] RemoveTrayIcon()
> 19.7.2006 13:53:09.244 [b28] AutoPOP3(10110): Client disconnected
> 19.7.2006 13:58:59.510 [2f0] Offline connection detected
> 19.7.2006 13:59:09.869 [2f0] Exiting
> 19.7.2006 13:59:12.088 [2f0] End of program
> 19.7.2006 13:59:12.088 [2f0] AVG for E-mail ended
> ----------

Actually if you send me your tor.exe I can have a look at it in IDA to
see if I notice anything obvious.. and shiny. I'd especially be
interested in the installer package if you happen to still have this
around.

The version number of Tor would be extremely helpful in tracking the
modified code down post-haste.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs