
Other node operators, could you please try your IP address? Perhaps this could explain the recent increase in connections?

within 2 days of setting up a node at a new IP it was added to the extortionists over at SORBS :-/

a suggestion: maybe a new tor-node-moralfag-mailinglist should be set-up as to remove this soap opera from a technical mailing list.

GnuPG Fingerprint: 7770 D186 A06E A329 2217 3161 63EB F269 37B8 8644

That Guy wrote:
> to remove this soap opera from a technical mailing list.

"Soap opera"? Apparently you are missing the point.

Obviously malware writers will use Tor for various purposes, but connecting to a C&C via Tor would not make sense since they have the largest anonymising botnet themselves. Hence, this could indicate a new piece of malware has been created that contacts its C&C via Tor to hide the IPs of the infected PCs. That would be beneficial to hamper gathering statistics and cleanup. Sorry, if that hypothesis is not technical enough for your taste.

Glad to hear that you have figured out what is causing the circuit creation storm. Care to tell the rest of us?

> tor-node-moralfag-mailinglist

How nice...

// Yoriz

On Mon, 02 Sep 2013 21:39:35 +0000, Yoriz wrote:
> That Guy wrote:
>> to remove this soap opera from a technical mailing list.
> "Soap opera"? Apparently you are missing the point.

The soap opera was the part where someone tried to filter tor traffic on moral grounds which is obviously not feasible.

> Obviously malware writers will use Tor for various purposes, but connecting to a C&C via Tor would not make sense since they have the largest anonymising botnet themselves.

It would still be the question what the botnet is for - anonymization isn't usually the goal. Using a hidden service for C&C access gets you around all the stuff with fastflux deployment.

Which in turn makes me wonder: How much code change and deployment would it take to take down (as in 'make inaccessible via the tor network') a given hidden service?

Andreas

--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
participants (4): Andreas Krey, Nick, That Guy, Yoriz