[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH scans from Tor exit

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH scans from Tor exit
From: I <beatthebastards@xxxxxxxxx>
Date: Thu, 1 May 2014 20:03:54 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 May 2014 00:04:07 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt; d=inbox.com; s=s1; h=mime-version:date:message-id:subject:from:to:content-type; bh=uMEMYVrH4GKUF2Kt1QMbBJ33bKaocApxFdT9leP6SyM=; b=Kz0DnOcsYpng6lFjjARhKPKj+BN5V06vZU93U8yjoqiR+D8Tk3yJD6Mp4zOgdH+l4BT2 73FgQNWi2labUGDZYDgJFYGZw0OxoCYXY6bdM8+v6ubv7vjgZu5F8FymcFuCxRbN6Q7/4H 3meqo/+aSunW/YoOxnlnNBtTpO4FvPlqc=
Domainkey-signature: q=dns; a=rsa-sha1; c=nofws; d=inbox.com; s=s1; h=mime-version:date:message-id:from:subject:to:content-type; b=SkGKkqACxnOoFQ/qEu6cKZop/phGcXdREPlBWMgyKdjPjj7iX9FQNUVj0LF+6txi9BqC kUt3wPGRByS1LB3ELQyLV50rLlPlpbe6bHSJYGDSDXSxLZdJ6RW/ET1Ukd6IwdKE/gX0LY DqGQN2WR31MtJ0XphGd10+jHL4VFf/nbQ=
In-reply-to: <53625168.5030604@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <2c61fb24578.000004efbeatthebastards@xxxxxxxxx> <cakcabmhf1pe576bkivggquo8qu2tu0ecduzo=jbkh1xckbhv9g@xxxxxxxxxxxxxx> <105aeadd2d5.00000a7dbeatthebastards@xxxxxxxxx> <535eda9e.7000402@xxxxxxxxxx> <cad2ti2-yich9gv1vogamwr4sgjcdhlrc1l+_a0y+seybs2iraw@xxxxxxxxxxxxxx> <535f1b27.7010306@xxxxxxxxxx> <116035f11c4.00000b49beatthebastards@xxxxxxxxx> <53613d91.9050103@xxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

In relation to SSH peculiarities such as a great number of outgoing SSH connections apparently involved in attacks and one SQL injection attack (outgoing) what does the collective intelligence think of this SSH rootkit: Ebury.

White Paper: http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
Article: http://www.welivesecurity.com/2014/03/18/attack-unix-operation-windigo/

Robert


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] SSH scans from Tor exit
  - From: Kurt Besig

Prev by Author: Re: [tor-relays] SSH scans from Tor exit
Next by Author: [tor-relays] (no subject)
Previous by thread: Re: [tor-relays] SSH scans from Tor exit
Next by thread: [tor-relays] Tor bridges on borrowed ports
Index(es):
- Author
- Thread