[tor-relays] Someone is trying to overrun the Network
Paul Staroch
paulchen at rueckgr.at
Sun Sep 1 11:37:05 UTC 2013
On 2013-09-01 10:48, elrippo wrote:
> "Warning: Network TCP port 60922 is being used by /usr/sbin/tor. Possible
> rootkit: zaRwT.KiT
> Use the 'lsof -i' or 'netstat -an' command to check this."
>
> I guess this is a false positive in conjunction with the massive raid of traffic
> increase in the past 3 weeks, where Tor opens these ports to manage the massive
> circuit building requests.
I had similar warnings several times, even before the recent increase in the number of users.
As I'm pretty sure it's a false positive, I whitelisted tor in rkhunter's configuration file (/etc/rkhunter.conf):
PORT_WHITELIST="/usr/sbin/tor"
Paul