[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] How does CERT-FI know my SOCKS4 port?

To: Tor Relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-relays] How does CERT-FI know my SOCKS4 port?
From: Steve Snyder <swsnyder@xxxxxxxxxxxxx>
Date: Wed, 10 Jul 2013 09:57:12 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 10 Jul 2013 10:07:01 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130519 Thunderbird/17.0.6

My ISP recently sent to me a CERT-FI auto-report on malware-infectedservers in my ISP's address space. I was send this report because my IPaddress was among those flagged. My entry looks like this:

51765|aa.bbb.ccc.dd|2013-07-08 02:39:23 +0000|||Proxy|743230|Datasource:C, Type: SOCKS4 (9050)

I am wondering how CERT-FI knows about this port. This is a snippet ofmy relay config:


OutboundBindAddress aa.bbb.ccc.dd
ORPort [aa.bbb.ccc.dd]:443
DirPort [aa.bbb.ccc.dd]:80
SocksPort [127.0.0.1]:9050

Given that my SOCKS port is bound to localhost, how does CERT-FI knowabout it?

(For more info on the auto-reporter, go tohttps://www.cert.fi/en/autoreporter/autoreporter.html and log into itwith this username/password: auto/reporter)


Thanks.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] How does CERT-FI know my SOCKS4 port?
  - From: Logforme

Prev by Author: [tor-relays] Summary of v0.2.3.x --> v0.2.4.x changes?
Next by Author: [tor-relays] What to do about port scans?
Previous by thread: Re: [tor-relays] Final Warning Notice
Next by thread: Re: [tor-relays] How does CERT-FI know my SOCKS4 port?
Index(es):
- Author
- Thread