[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Connections to botnet masters



Hi

this exit-node problem you may have with Google and some DNSBL (SORBS
and others?) too. Your exit node contacts several IRC channels. That is
why your node is listed as "trojan hacked".

Some times ago we have a thread about SORBS and many exit nodes were
listed in this DNSBL with the attribut "trojan hacked". Conclusion of
the thread was: "They have no glue!"

Google sometimes does not work with several exit nodes and give you the
message "You may have a virus or malware, please clean your computer!"
(or something like that).

I have changed the exit policity of my node and now it is no longer
listed in SORBS and works fine with Google. May be, this is not a good
solution. Any other suggestions?

Karsten N.

M schrieb:
> Can't remember if I posted this already so here we go...
> 
> I received a phone call from my ISP a couple of weeks ago. They told me
> that cert.fi had contacted them with an abuse report. One of my
> Tor-servers had been an exit node when someone had contacted couple of
> botnet masters according to them.
> 
> I wrote them an email telling that I'm running a tor exit node on that
> server and pointed them to http://tor.eff.org.
> 
> Is there any way to stop those connections or is this just a price to
> pay from anonymity? I guess that's pretty impossible to prevent
> connections to those machines unless one knows their ip addresses. As
> far as I know one can control botnets over irc / http / ssh or pretty
> much over any protocol so blocking some ports won't help anything.
> 
> I'm going to google and find out what's most usual way of getting
> infected by malmware that makes your computer a zombie. Let's see if I
> can educate some users on this matter so they won't get infected.
> 
> M
>