[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Odd connection attempt to tor

On Wed, Jul 15, 2009 at 08:16:48AM -0400, Praedor Atrebates wrote:
> I am running Mandriva with its interactive firewall enabled so it alerts me 
> whenever a connection is attempted, including tor network connections to port 
> 9001.  Usually the source is logical:  an ip address or a system name but just 
> this morning I found an odd one I've never seen before.  A connection to my 
> port 9001 was made by '.' , that is, just <dot>.  No address.
> What is this?

One of the Tor relays rigged its reverse resolve to be the address ".".

See e.g.

Of course, it could have been some other address that was connecting and
also set its reverse resolve to ".". Trusting reverse resolves isn't so
smart, it turns out.