[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor a carrier for Botnet traffic?


The Tor anonimity network is a generic carrier for all kinds of (TCP)
traffic. Its goal is enabling people to use the internet without anyone
between them and the destination point being able to determine what is
happening. It also allows you to offer services without anyone being
able to trace back these services to you.
Now botnets need to communicate with a central instance which lets them
know what to do (e.g. send spam, ddos websites, etc.). Tor is an ideal
carrier for this: no outsider can see what kind of traffic comes out of
a system running such a bot and no-one is able to see whereto this
traffic goes. So you can't stop the traffic between the bot and its
master without blocking the whole Tor network and it is kind of hard as
well to find where all this traffic goes to (the botnet master node).
So; what should we do? Dis-allow hidden services in Tor? Or block Tor

Folkert van Heusden

Multitail es una herramienta flexible que permite visualizar los "log
file" y seguir la ejecución de comandos. Permite filtrar, añadir
colores, combinar archivos, la visualización de diferencias (diff-
view), etc.  http://www.vanheusden.com/multitail/
Phone: +31-6-41278122, PGP-key: 1F28D8AE, www.vanheusden.com