Re: another unusual connection
-- Dominik Schaefer <schaedpq2@xxxxxx> wrote:
>> For what it's worth, we (Trend Micro) have identified several Tor
>> nodes which have malicious intent -- this one among them.
>
>Could you give us some more information about this? ;-) I would assume,
>the reported behaviour could be very well caused by some unusually
>configured or misconfigured node and not malicious intent itself.

Actually, it appears that the hosts that are triggering alarms for
us have already been identified previously as hosting malicious
content -- not flagged explicitly for being a Tor node.

For example, a host that may have been previously identified as
hosting an MPack exploit engine may also now be used as a Tor
node.

- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/