another unusual connection

Paul Ferguson fergdawg at netzero.net
Sun Feb 10 19:02:19 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- Dominik Schaefer <schaedpq2 at gmx.de> wrote:

>> For what it's worth, we (Trend Micro) have identified several Tor
>> nodes which have malicious intent -- this one among them.
>
>Could you give us some more information about this? ;-) I would assume,
>the reported behaviour could be very well caused by some unusually
>configured or misconfigured node and not malicious intent itself.

Actually, it appears that the hosts that are triggering alarms for
us have already been identified previously as hosting malicious
content -- not flagged explicitly for being a Tor node.

For example, a host that may have been previously identified as
hosting an MPack exploit engine may also now be used as a Tor
node.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHr0o3q1pz9mNUZTMRAlmAAJ9kIG1X7UYBw0wJHXrmGmN52bL+EwCdGGv0
pOfGiCAuQW9StPguQD1JBoI=
=Asxa
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



More information about the tor-talk mailing list