[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Tor and Viruses



All,

Thanks for your excellent responses. I sounds like my experience is not exactly typical, but not unexpected, either.

I also sounds like you might be interested in more details. Actually, Geoff guessed correctly. Both shutdowns where a result of separate single events in Shadowserver's reports. The first event was a connection to a known C&C IRC server. After the second shutdown, but before I received the new logs, I figured I would just update my exit rules to reject IRC ports. But, the second event was a single connection to one of Shadowserver's honeypot HTTP servers. I didn't think there would be any use for an exit that rejected HTTP, too.

grarpamp's suggestion was great, too. I thought of running my own IDS between the exit and my gateway, and, in fact, it's already on my list of projects. I'll add Tor to the list of reasons I should put some effort into it.

Moritz - Now that I'm no longer fighting with my provider about exits, perhaps I can spare some time. I don't know what you might need, but I would be happy to help, if I can.

Oh, and speaking of help. I volunteer to update the FAQ, provided that's desirable and the Tor project folks are agreeable. Who should I talk to about that? tor-assistants at torproject.org ?

Many Thanks,
PMouse
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays