[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Odd connection attempt to tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Odd connection attempt to tor
From: Roger Dingledine <arma@xxxxxxx>
Date: Wed, 15 Jul 2009 16:19:26 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 15 Jul 2009 16:19:30 -0400
In-reply-to: <200907150816.49263.praedor@xxxxxxxxx>
References: <200907150816.49263.praedor@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Wed, Jul 15, 2009 at 08:16:48AM -0400, Praedor Atrebates wrote:
> I am running Mandriva with its interactive firewall enabled so it alerts me 
> whenever a connection is attempted, including tor network connections to port 
> 9001.  Usually the source is logical:  an ip address or a system name but just 
> this morning I found an odd one I've never seen before.  A connection to my 
> port 9001 was made by '.' , that is, just <dot>.  No address.
> 
> What is this?

One of the Tor relays rigged its reverse resolve to be the address ".".

See e.g.
http://trunk.torstatus.kgprog.com/router_detail.php?FP=2df3d078f8869eb9b94991e73a4561de070d7615

Of course, it could have been some other address that was connecting and
also set its reverse resolve to ".". Trusting reverse resolves isn't so
smart, it turns out.

--Roger

References:
- Odd connection attempt to tor
  - From: Praedor Atrebates

Prev by Author: Re: "permission denied" on wake-up
Next by Author: Re: warning message question
Previous by thread: Odd connection attempt to tor
Next by thread: Whats your approx. TOR-Bandwidth in german Telekom-Anschlüssen ?
Index(es):
- Author
- Thread