[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] suspicious exit?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] suspicious exit?
From: JB <technomental@xxxxxxxxx>
Date: Sat, 07 Jun 2014 01:39:09 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 06 Jun 2014 19:40:10 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=16hNUVwvAc+7oxddtptBQWem0M6aBqk6o51WDAArdXs=; b=G2r7JLepeg12XLz0GkiCmbSPkxhUtKdVHcAMbGsqqOYI7UTcn3ZZvASbST8cCDqtCF m3Ro2qYObzwhkJ1HBgtwG7K/mm0CS2/wrMEu7T9fw5Tw6Kth7lc+FOFw/aXSQO04tTRq 6RhDMkRfcNpNoDiutl/TTvQPNZCbfo3HJD/ALqTGNhEuY6nSbXJi0wunyBk7nPXVnczZ a/ZQZvYiys7bYrx8ODyN1BsdQgXWFQaSoy1XyRglolLv8HDuca2nc33/wOMUc7WwxL+D 1UHrOol0UC24bRxrKvxXHS+toDJiAvvsrp6BpjHw+stydiKmdoVeWj1lZEs21vvURxq0 4Bqg==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

Hi All,

FP! :)

I just setup my relay node today, and am keeping a hawkish(ish) eye ontraffic.... And noticed a flurry of activity from SSH port (22) at5.104.224.5 - which is listed as an exit.

But it's also listed on http://cbl.abuseat.org/lookup.cgi?ip=5.104.224.5as infected (or NATting for a computer that is infected) with theConficker botnet.

I've black-holed it in the meantime, but am wondering if I'm beingoverly cautious...

Any advice/response/input appreciated.

TIA

Jeff.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] suspicious exit?
  - From: Michael Wolf

Prev by Author: Re: [tor-relays] bitcoin adopt a node idea
Next by Author: Re: [tor-relays] suspicious exit?
Previous by thread: Re: [tor-relays] Tor bridges with AWS
Next by thread: Re: [tor-relays] suspicious exit?
Index(es):
- Author
- Thread