[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor a carrier for Botnet traffic?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor a carrier for Botnet traffic?
- From: Freemor <freemor@xxxxxxxxx>
- Date: Tue, 1 Sep 2009 12:02:45 -0300
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 01 Sep 2009 11:09:50 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:reply-to:x-mailer:face :mime-version:content-type; bh=qHkghLeVWHUXtyU9iNiYCZ8eFWQyjShrJQPGyKWx/tY=; b=TcWcHfhcnNjdipmaHGcVBmgHKxXkYx3EPp5VaLwHzzmiuUND+Vy8/NfHWByK1Ng4zx 2k78eWM0cUaeLTF18rzBr1Qu/Q0nScaxss7v2ETnaSo4iPSDNr7oGXOAd1Wz1e8Yupad MDDYANxtuNxIXLrzMXYC8nmiFRxMWbAKWh+fc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:reply-to :x-mailer:face:mime-version:content-type; b=QoywdXpC0vU+2psDctUVWAJIjGKHhRPxJpY6oFLY9YjEe6iBQ/AiAr7jGZVCofV6IJ 0kaf8eStyWU6Tu23cqVfW5Ds7c7RAlCi1a3g5GWsLL9rc9tQnDrx+KxTawNKBSZUTbrw KiXsrZ8AixjDi/Ozq7b1wbdHpsTrNFWzNu1uQ=
- Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEXn2K356bi4xY5EMR+GuGqSkWzK+eFKflhGAAABqElEQVQ4jY3SzW7bMAwAYEqbexZToGdXiXseyvg+LG7Pjg32nGSr3v8RSlLyT4NmKAEDBr+QtKjA6ymlhp5SSlFehlTiHzx9DQnS/+Cd0i24WfGqr3epmgEKvKV0AkQfp7QDqTGozygRLB9WcMEcXvIIAFigdwWCVq4BJwB9ZhgfF3BaUODCeAWuwLACWMNxBV7xK4Bwo8JAQiHNHwU1TGHgtqTzw0jUL/CQTu7oSc5+37sQJzgLnDGddIdhEwFDyO1QdzCM9AzgWVrxUMYobIbLD2Lmu7RtmeNSgfxOkmne/gr3PoOts2F65hwDQD/DBmLkx4eGo+YlfIwZXGyiO1dNjDWC93HXdQbVMUgGsRlq2YmmZ5Csm5ZleYNgUG43+G4GqDRZRbuuUtDZkiu7WrBmYOlDZ1/XLHeOudNhX8AF+XQ5MYaYO5EepmY+5j+TzN5NUEst86/PnXT4n58KrZMmjUyvrkD/o9oq8Ay/M7S5U9VeV5AdYjPSArsMNl6udg0vCjIet7SCTqAVIPm1xDJDHquY4lvQrYH2stoJRvocGQ57uo69wAeDBdMp0Qij8AAAAABJRU5ErkJggg==
- In-reply-to: <20090901145157.GB8023@xxxxxxxxxxxxxxxxxxxxxx>
- References: <20090901142042.GD11026@xxxxxxxxxxxxxx> <20090901145157.GB8023@xxxxxxxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Tue, 1 Sep 2009 10:51:58 -0400
krishna e bera <keb@xxxxxxxxxxxxxx> wrote:
>
> Until some security forensics people document that Tor is being used
> in real botnets, i don't think new policies restricting Tor usage
> are called for.
>
>
I'm on the same page here until I see a properly documented case of Tor
being used as a CnC channel or in some other way by a bot net I'm
going to chalk it up to FUD.
To the OP the open Internet carries FAR more botnet traffic.. perhaps
we should block the entire net? If you want to stop botnets.. educate
people. Teach them how not to get infected. Teach them how to tell if
they are infected. Teach then to use firewalls that are not outbound
leaky and are on an independent machine used just as a FW with no
remote admin. Proper security practises would do far more to stop
Botnets then worrying about Tor.
--
freemor@xxxxxxxxxxx
freemor@xxxxxxxxx
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Attachment:
signature.asc
Description: PGP signature