[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] IP addresses as false positives?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] IP addresses as false positives?
From: eliaz <eliaz@xxxxxxxxxx>
Date: Mon, 05 Jan 2015 07:30:15 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 05 Jan 2015 02:30:38 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1420443025; bh=SAN5ukQMQVANKV72Txofbv5OMBJnIa3zjTXNnyV2l9A=; h=Date:From:To:Subject:References:In-Reply-To:From; b=ne3CVZOeJsxKQ8mv8yjJULf5DKn/7a2kkyoO+UgBz4wq8tF3W9SusReL/jstm4PQk 0dxiYXxvMG5nlfKx/0mPfMrVWgL0dS9aAb5SeCsx3Rg401omKV6SsxMN/Kgg2BwdiH UzlGtiJjeY0nbBsjVehKtgn21PuHZ07FVkaioJjg=
In-reply-to: <CAHZ_AjvZ=QVcPpKLPzApg72iAHjSZQed6JOUka3JngDyN=1ESg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <trinity-fe1a532a-1169-40a1-8cbb-3f0015ab338b-1419765175580@3capp-gmx-bs72> <CAHZ_AjvZ=QVcPpKLPzApg72iAHjSZQed6JOUka3JngDyN=1ESg@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

The antivirus program on a machine running a bridge occasionally
reports like so:

	Object:	https://<some IP address>
	Infection: URL:Mal [sic]
	Process: ... \tor.exe

When I track down the addresses I find they are tor nodes (sometimes
bridges, sometimes guards, sometimes exits.

Are the flagged nodes in some ways miss-configured, or can I consider
these to be false positives? Is there anything to worry about here?

Detail: The tor and standalone vidalia folders have been flagged as
exceptions (i.e. excluded) in the virus scanner. The scanner's web
module is picking up the IP addresses from the port traffic.

Thanks for any enlightenment - eliaz
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] IP addresses as false positives?
  - From: grarpamp

Prev by Author: Re: [tor-relays] Reminder: don't run transparent proxies at exits
Next by Author: Re: [tor-relays] IP addresses as false positives?
Previous by thread: Re: [tor-relays] tor-relays Digest, Vol 48, Issue 12
Next by thread: Re: [tor-relays] IP addresses as false positives?
Index(es):
- Author
- Thread