On 05/01/2015 08:25:11, grarpamp <grarpamp@gmail.com> wrote:
On Mon, Jan 5, 2015 at 2:30 AM, eliazwrote:
> The antivirus program on a machine running a bridge occasionally
> reports like so:
>
> Object: https://
> Infection: URL:Mal [sic]
> Process: ... \tor.exe
>
> When I track down the addresses I find they are tor nodes (sometimes
> bridges, sometimes guards, sometimes exits.
>
> Are the flagged nodes in some ways miss-configured, or can I consider
> these to be false positives? Is there anything to worry about here?
>
> Detail: The tor and standalone vidalia folders have been flagged as
> exceptions (i.e. excluded) in the virus scanner. The scanner's web
> module is picking up the IP addresses from the port traffic.
>
> Thanks for any enlightenment - eliaz
Since the internet is known to be an infected wasteland,
and exits are known to MITM your streams, I'd suggest
either compartmentalizing all your surfing in a disposable
VM (which should probably be done anyways), or excluding
web traffic from your scanner.
Additionally, if you are able to isolate and confirm that
a specific exit is MITM'ing you (vs the "malware/virus" being
on the original clearnet site itself) feel free to post its fingerprint
here so that the workers can double check and dirauths can
give it the bad exit flag.
Unfortunately Tor doesn't have simple logging format
that you can watch in real time alongside your scanner.
I'm finishing a spec ticket for that soon though.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays