Flipchan wrote:
So something that listens on port 9001 and logs all incoming request just to see if there is anything scanning for Tor ports and trying to hack them, has this been done? Would be cool to look at the data from that if anyone got a link. I cant be able to find something like this online:/
Hi there,One of the cooler projects like this was Roya's active probing research on the Great Firewall[1]. In her case, she ran a private bridge (not distributed, only for her research use), connected to the bridge once from within China, then watched for new connection attempts. She also ran a packet capture for a day to help find patterns (as, again, no one's traffic passed through except hers). And it's easy to run a service on port 9001, do the connection, then remove the service if you don't want to use tor. =)
There are lots of misc scans going on, which mostly seem to be curiosity. Whenever an interesting/weird piece of malware comes out (which opens a rando port), I will occasionally do a scan to see how many machines may be infected. Funny story: after an NSA backdoor report came out, I found that millions of devices had that port open via a scan. After a brief freakout, I investigated further and found that a popular "smart TV" used the same port. :D All of this to say, of course, that the follow-up investigating and research matter a lot heh.
~Griffin[1] http://www.cs.princeton.edu/~rensafi/projects/active-probing/index.html
-- Accept what you cannot change, and change what you cannot accept. PGP: 0x03cf4a0ab3c79a63 -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk