exit counts by port number over 61 days
Scott Bennett
bennett at cs.niu.edu
Tue Apr 14 17:40:34 UTC 2009
On Tue, 14 Apr 2009 15:06:22 +0200 Sven Anderson <sven at anderson.de>
wrote:
>Am 13.04.2009 um 19:00 schrieb Scott Bennett:
>>
>> 1) Why is the nicname/whois port the most heavily used? In fact,
>> why is it getting much use at all?
>
>My guess: spammers and profilers, scanning for email adresses and
>other personal data.
That's kind of what I was thinking, too. However, I'm reluctant to
close the port because it also be used legitimately. What do you think?
>
>> 2) Why are there so many exits to the standard socks port? It
>> seems kind of strange to go all the way through the tor network
>> fully encrypted, only to exit in the clear to a port somewhere
>> else for re-encryption. Similarly, what about pptp?
>
>There are Trojans opening backdoors on that port.
>
>http://isc.sans.org/port.html?port=1080
Hmm...very interesting. Maybe I should close that one.
>
>> 4) Who still uses RFS? Didn't that die out a *long* time ago?
>> (The rfs port had 70 exits.)
>
>I bet nobody. That's why there seems to be somebody using the port for
>something else.
>
I have no idea what they are using it for. Does anyone still support
RFS? A vendor perhaps? If it might be legitimate, I'll leave the port open.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************
More information about the tor-talk
mailing list