[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor and Viruses

To: Tor-Relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Tor and Viruses
From: Porcelain Mouse <porcelain_mouse@xxxxx>
Date: Wed, 13 Apr 2011 16:24:04 -0700 (PDT)
Authentication-results: smtp03.quartz.synacor.com header.from=porcelain_mouse@xxxxx; sender-id=softfail
Authentication-results: smtp03.quartz.synacor.com smtp.mail=porcelain_mouse@xxxxx; spf=softfail; sender-id=softfail
Authentication-results: smtp03.quartz.synacor.com smtp.user=porcelain_mouse@xxxxx; auth=pass (LOGIN)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 13 Apr 2011 19:24:19 -0400
In-reply-to: <alpine.LFD.2.02.1104122018100.5770@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for support and questions about running Tor relays \(exit, non-exit, bridge\)." <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <alpine.LFD.2.02.1104122018100.5770@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Alpine 2.02 (LFD 1266 2009-07-14)
X_cmae_category: 0,0 Undefined,Undefined

All,

Thanks for your excellent responses. I sounds like my experienceis not exactly typical, but not unexpected, either.

I also sounds like you might be interested in more details. Actually,Geoff guessed correctly. Both shutdowns where a result of separate singleevents in Shadowserver's reports. The first event was a connection to aknown C&C IRC server. After the second shutdown, but before I receivedthe new logs, I figured I would just update my exit rules to reject IRCports. But, the second event was a single connection to one ofShadowserver's honeypot HTTP servers. I didn't think there would be anyuse for an exit that rejected HTTP, too.

grarpamp's suggestion was great, too. I thought of running my own IDSbetween the exit and my gateway, and, in fact, it's already on my list ofprojects. I'll add Tor to the list of reasons I should put some effortinto it.

Moritz - Now that I'm no longer fighting with my provider about exits,perhaps I can spare some time. I don't know what you might need, but Iwould be happy to help, if I can.

Oh, and speaking of help. I volunteer to update the FAQ, provided that'sdesirable and the Tor project folks are agreeable. Who should I talk toabout that? tor-assistants at torproject.org ?


Many Thanks,
PMouse
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Tor and Viruses
  - From: Roger Dingledine

References:
- [tor-relays] Tor and Viruses
  - From: Porcelain Mouse

Prev by Author: [tor-relays] Tor and Viruses
Next by Author: Re: [tor-relays] tor-relays Digest, Vol 3, Issue 9
Previous by thread: Re: [tor-relays] Tor and Viruses
Next by thread: Re: [tor-relays] Tor and Viruses
Index(es):
- Author
- Thread