[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
From: "Dr Gerard Bulger" <gerard@xxxxxxxxxxxx>
Date: Mon, 30 May 2016 09:57:13 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 May 2016 04:58:23 -0400
In-reply-to: <4c4a1091-9cac-6ee5-d895-077085331c81@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CA+eNGiRbXmrkWwNSiBHdz4fBJzt3p1WTwZajCsNfwkMj4x4Mxg@xxxxxxxxxxxxxx> <6fc5e7c1-d90d-a52f-a8c1-e2648b93996b@xxxxxxxxx> <CA+eNGiRwZ8g=BgUscuD5kZb9a3-t1XvGGmhtHnNXa-MYpnPKSQ@xxxxxxxxxxxxxx> <574B48A4.9050301@xxxxxxxxxx> <CA+eNGiR2H1ejkncbL_iBCe8xjZJX9x-Q8w-7YEpJSE1qqwaxKQ@xxxxxxxxxxxxxx> <4c4a1091-9cac-6ee5-d895-077085331c81@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQIwz/2vasIO+QGQ0ifCmVcWZFOP3QIcYmDNAwTjdeMB/SEhQwIIy71MArDIYWuetDskQA==

I had a very annoying control freak systems administrator some years back
working on systems I owned, but he sought absolute control so he changed
passwords everywhere.  He could not understand how message-of-the-day or
banner would continue to change. To my amusement never mentioned to me the
"security breaches".

He never saw that I had a Zebedee reverse tunnel connecting to the Unix
server's telnet running out on port 443 out my own external server.  Then
noticed that in /etc/passwd there was another login with 0:0 root
permissions.   None of his changes to passwords, including root, or fiddling
with the router could lock me out and of my control. 

About the only way I can see that your scenario of entry into a system is
that an old machine is running a reverse tunnel.  I doubt passwords were
ever cracked.

If I had all those breaches described and a mysterious Tor on my network I
think I'd need to check I was taking my tablets


Gerry



Dr Gerry Bulger
-----Original Message-----
From: tor-relays [mailto:tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf
Of Andrea
Sent: 30 May 2016 07:58
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It


I suggest a clean install of your computers and your smartphones. For your
smartphone: don't use the factory reset, make sure that its firmware gets
flashed.

Most viruses or malware don't wait within your computer's bios for a new
opportunity. Don't allow "autostart" for usb sticks or other data storages.
Use cds or dvds provided by someone you trust to check on your computers and
then do a clean install.

If you need any advice mail me off list. Maybe I can help with this.

~Andrea


On 5/30/2016 12:23 AM, Percy Blakeney wrote:
> I did just that.  TWICE.  I now have a total of 5 phones, 3 laptops, 2 
> desktops 2 printers, and I'm now on my third router/modem.  Whomever, 
> whatever this is knows how to get into the firmware.  I know this 
> sounds crazy but it's true. I'd give anything for someone to come here 
> and see for themselves.
> 
> On Sun, May 29, 2016 at 3:53 PM, Mirimir <mirimir@xxxxxxxxxx 
> <mailto:mirimir@xxxxxxxxxx>> wrote:
> 
>     On 05/29/2016 10:27 AM, Percy Blakeney wrote:
>     > Whomever is and has been behind this is selective with what I can
and can't
>     > see.  I KNOW our electronics are and have been controlled since we
moved
>     > here January 2014.  I know this because at one time "they" were
interacting
>     > with me on via my desktop.  I was asked if "they" could run a d-bus
session
>     > on another computer I have connected.  Not knowing what a d-bus
session was
>     > "they" gave me a step by step run down on how to do it.  I did what
"they"
>     > asked because it was kind of exciting.  Now in retrospect it's more
scary
>     > than anything else. ...
> 
>     Given what you've said, you might want to replace all of your
>     electronics. The router, and all computers and other devices that have
>     been connected to it, through wires or WiFi. Maybe also change ISP.
> 
>     That may seem extreme. For computers, it might be sufficient to
replace
>     HDDs/SSDs. But smartphones, you should just replace entirely. The
>     concern is that malware can be hidden in other components, not just in
>     HDDs/SSDs.
> 
>     Also, be very careful about transferring files from old machines. If
you
>     must, transfer individual files, not entire folders. Ideally, you
would
>     scan each file for malware in an intermediate throwaway machine,
running
>     a different OS. Maybe OSX, if your other machines are Windows and
Linux.
>     Or Windows, if your other machines are OSX and Linux. You can use USB
>     flash drives. But use a given one only for a given pair of machines,
to
>     reduce the risk of transferring malware.
> 
>     <SNIP>
> 
>     _______________________________________________
>     tor-relays mailing list
>     tor-relays@xxxxxxxxxxxxxxxxxxxx
<mailto:tor-relays@xxxxxxxxxxxxxxxxxxxx>
>     https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
  - From: Percy Blakeney
- Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
  - From: Arjen
- Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
  - From: Percy Blakeney
- Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
  - From: Mirimir
- Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
  - From: Percy Blakeney
- Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
  - From: Andrea

Prev by Author: Re: [tor-relays] What's this Abuse
Next by Author: Re: [tor-relays] "support team" address?
Previous by thread: Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
Next by thread: Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
Index(es):
- Author
- Thread