exit counts by port number over 61 days
Sven Anderson
sven at anderson.de
Tue Apr 14 13:06:22 UTC 2009
Hi Scott,
Am 13.04.2009 um 19:00 schrieb Scott Bennett:
>
> 1) Why is the nicname/whois port the most heavily used? In fact,
> why is it getting much use at all?
My guess: spammers and profilers, scanning for email adresses and
other personal data.
> 2) Why are there so many exits to the standard socks port? It
> seems kind of strange to go all the way through the tor network
> fully encrypted, only to exit in the clear to a port somewhere
> else for re-encryption. Similarly, what about pptp?
There are Trojans opening backdoors on that port.
http://isc.sans.org/port.html?port=1080
> 4) Who still uses RFS? Didn't that die out a *long* time ago?
> (The rfs port had 70 exits.)
I bet nobody. That's why there seems to be somebody using the port for
something else.
Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2415 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090414/0e174f4f/attachment.bin>
More information about the tor-talk
mailing list