[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: another unusual connection

To: schaedpq2@xxxxxx
Subject: Re: another unusual connection
From: "Paul Ferguson" <fergdawg@xxxxxxxxxxx>
Date: Sun, 10 Feb 2008 19:02:19 GMT
Cc: or-talk@xxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 10 Feb 2008 14:03:16 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Dominik Schaefer <schaedpq2@xxxxxx> wrote:

>> For what it's worth, we (Trend Micro) have identified several Tor
>> nodes which have malicious intent -- this one among them.
>
>Could you give us some more information about this? ;-) I would assume,
>the reported behaviour could be very well caused by some unusually
>configured or misconfigured node and not malicious intent itself.

Actually, it appears that the hosts that are triggering alarms for
us have already been identified previously as hosting malicious
content -- not flagged explicitly for being a Tor node.

For example, a host that may have been previously identified as
hosting an MPack exploit engine may also now be used as a Tor
node.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHr0o3q1pz9mNUZTMRAlmAAJ9kIG1X7UYBw0wJHXrmGmN52bL+EwCdGGv0
pOfGiCAuQW9StPguQD1JBoI=
=Asxa
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

Prev by Author: Re: another unusual connection
Next by Author: Re: The use of malicious botnets to disrupt The Onion Router
Previous by thread: Re: another unusual connection
Next by thread: another unusual connection
Index(es):
- Author
- Thread