Re: [tor-relays] IP addresses as false positives?
grarpamp:
>> I run in a dedicated low-power box on my LAN, to save electricity. Is
>> that as good as a VM?
>
> Whichever way you like. If you've got all sorts of virii/malware
> going on in an environment of exposure you wouldn't want
> your regular personal files or activities exposed to that.
All my connections/boxes/firewalls are OK; generally I get very few alerts.
>
>> I don't know how to confirm that exits are MITMs. I can post the FPs of
>
> Turn off TBB, Tor, bridge, vidalia, socks, everything about tor.
> Browse to the same place/url you got an alert with normal Firefox
> over clearnet. See if you get an alert.
>
>> the ones that show up, though. So far all the alerts lead me to
>> recognizable nodes that show up OK in Atlas, etc.
My mistake. One IP address can't be found in Atlas or Globe. See below.
>
> Others have not reported 'all these alerts' and exits "several days".
> If you wanted to you could post the name and version
> of your "AV program" and your OS version.
> And the full text of one of these alerts (if it's not
> sensitive to you) and the exit FP.
I've gone back to my records. The .txt attachment gives what I'd gotten
for three different IP addresses. I'm not panicked about this & don't
expect anyone to put more time into my query. But the different results
may interest someone. - eliaz
4:35 AM 1/6/2015
AV alerts on tor nodes
Here follow traces of IP addresses that provoked virus alerts in Avast Pro Antivirus. Five alerts from three IP addresses (2, 1, 2). These were interspersed with some other similar alerts for different IP addresses that I didn't record. See the second trace below.
===================================================================================
Trace 1 (2 instances)
Object: https://95.211.98.159
Fingerprint: 64846B8BAEDB6234FEB18E18124CC9C9C279C254
Via Globe
===================================================================================
Trace 2 (2 instances)
Object: https://212.83.183.18 (2 instances)
Fingerprint Not found:
Could not reach via Atlas or Globe. Clearnet browser times out; got tired of waiting for tor browser to connect. Ping times out. Tracert gives:
tracert 212.83.183.18
Tracing route to this.is.a.tor.exit.afo-tm.org [212.83.183.18]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
11 144 ms 142 ms 145 ms online-gw.ip4.gtt.net [46.33.93.90]
12 141 ms 143 ms 142 ms 195.154.1.163
13 * * * Request timed out.
...
15 * * * Request timed out.
16 * ^C
===================================================================================
Trace 3 (1 instance)
URL: https://176.9.232.121
Fingerprint: 66FDD4CD9C048B42650C2617C7FB7A51095CB31D
Via Globe
===================================================================================
Detail:
All AV scanners up to date.
Tor box runs Avast Pro Antivirus, and runs tor only. I don't run a tor client from there.
Other box runs AVG Antivirus and usually runs clearnet Firefox. I can turn on Tor Browser & Vidalia as necessary, though. They were off while I tried to rouse Trace 2 in the clear.
OSs are Win7 32 bit (tor box), 64 bit (other box)
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
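The test grarpamp suggests above (fetch the same URL once over clearnet and once through Tor, then see whether anything differs) can be automated so the comparison is on bytes rather than on whether an AV product happens to fire. The following is an added example written for this page, not code from the thread or from the Tor project. It assumes a local tor client on its default SocksPort 127.0.0.1:9050 and uses only the Python standard library: a minimal SOCKS5 CONNECT with a domain-name target (so tor does the DNS lookup, not the local resolver), TLS on top of that tunnel with normal certificate verification, and a SHA-256 of the leaf certificate and of the response body from each path. The hostnames and paths in the `__main__` block are placeholders.

```python
"""Fetch one HTTPS URL directly and via Tor, then compare certificate and body.

Added example (not from the post). Assumes a local tor client listening on
127.0.0.1:9050 (the default SocksPort). Standard library only.
"""
import hashlib
import socket
import ssl

TOR_SOCKS = ("127.0.0.1", 9050)   # assumption: default SocksPort of a local tor client


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT for a domain-name target (ATYP 3) so tor resolves it."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname length must fit in one byte")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; recv() may return fewer than requested."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed during SOCKS5 handshake")
        buf += chunk
    return buf


def open_via_tor(host: str, port: int, proxy=TOR_SOCKS, timeout: int = 90) -> socket.socket:
    """Return a TCP socket to host:port tunnelled through tor's SOCKS port."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(b"\x05\x01\x00")                    # version 5, one method offered: no auth
    if _recv_exact(s, 2) != b"\x05\x00":
        s.close()
        raise OSError("tor refused the no-auth SOCKS5 method")
    s.sendall(socks5_connect_request(host, port))
    _ver, rep, _rsv, atyp = _recv_exact(s, 4)
    if rep != 0:
        s.close()
        raise OSError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Drain BND.ADDR (IPv4 / domain / IPv6) and BND.PORT; we do not need them.
    if atyp == 1:
        _recv_exact(s, 4)
    elif atyp == 4:
        _recv_exact(s, 16)
    elif atyp == 3:
        _recv_exact(s, _recv_exact(s, 1)[0])
    _recv_exact(s, 2)
    return s


def fetch(host: str, path: str = "/", via_tor: bool = False, port: int = 443) -> dict:
    """GET https://host/path and return the leaf certificate hash and raw response."""
    raw = open_via_tor(host, port) if via_tor else socket.create_connection((host, port), timeout=90)
    ctx = ssl.create_default_context()           # verifies the chain: a forged exit cert fails here
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        cert_der = tls.getpeercert(binary_form=True)
        tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
        resp = b""
        while chunk := tls.recv(65536):
            resp += chunk
    return {"cert_sha256": hashlib.sha256(cert_der).hexdigest(), "response": resp}


def compare_fetches(direct: dict, via_tor: dict) -> dict:
    """Compare two fetch() results; a changed cert or body is what an exit MITM would produce.

    Only the body after the blank line is hashed, since headers such as Date differ legitimately.
    """
    bodies = [r["response"].partition(b"\r\n\r\n")[2] for r in (direct, via_tor)]
    digests = [hashlib.sha256(b).hexdigest() for b in bodies]
    return {
        "same_cert": direct["cert_sha256"] == via_tor["cert_sha256"],
        "same_body": digests[0] == digests[1],
        "direct_body_sha256": digests[0],
        "tor_body_sha256": digests[1],
    }


if __name__ == "__main__":
    import sys
    # Placeholder target; pass host and path on the command line for a real check.
    host, path = (sys.argv[1], sys.argv[2]) if len(sys.argv) > 2 else ("example.com", "/")
    print(compare_fetches(fetch(host, path), fetch(host, path, via_tor=True)))
```

Pick a static resource (a stylesheet, a small image, a versioned script) rather than a front page that rotates content, otherwise `same_body` will be False for innocent reasons. A TLS verification error on the Tor path alone is itself the strongest signal, since a correctly configured exit cannot alter an HTTPS page without presenting a certificate the client will reject; repeat the Tor fetch a few times (or use a new circuit via the control port) to see whether the difference follows a particular exit. Note that the bare-IP URLs in the traces above are relay addresses, so the object the AV flagged was most likely a connection to a relay's own port, which this comparison does not exercise.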