[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Odd connection attempt to tor



On Wed, Jul 15, 2009 at 08:16:48AM -0400, Praedor Atrebates wrote:
> I am running Mandriva with its interactive firewall enabled so it alerts me 
> whenever a connection is attempted, including tor network connections to port 
> 9001.  Usually the source is logical:  an ip address or a system name but just 
> this morning I found an odd one I've never seen before.  A connection to my 
> port 9001 was made by '.' , that is, just <dot>.  No address.
> 
> What is this?

One of the Tor relays rigged its reverse resolve to be the address ".".

See e.g.
http://trunk.torstatus.kgprog.com/router_detail.php?FP=2df3d078f8869eb9b94991e73a4561de070d7615

Of course, it could have been some other address that was connecting and
also set its reverse resolve to ".". Trusting reverse resolves isn't so
smart, it turns out.

--Roger