[tor-dev] botnets+tor

Enkidu Mo Shiri volatilitux at gmail.com
Tue Nov 25 04:45:52 UTC 2014

Nowadays the use of Tor by botnet developers is bringing risk to the Tor network.
They use the hidden service feature in the Tor network, install their IRC server, and
by hiding behind relays, packet encryption and the layers of Tor, control and
command botnets and use them for attacks.

1. I am researching whether there is any possibility that I can differentiate between
botnet traffic and normal Tor network traffic by sniffing and analysing
network traffic at the gateway of my campus.

2. Any idea about this technique: I run a botnet on my computer (sandbox),
attach a script to it (developed by myself) and let the botnet work. The
botmaster (hacker) receives the botnet report (after it passes by 2 relays) and
my script runs on his computer and sends me his system information.

3. I have a question about Tor network structure: how many nodes are between
user A (outside Tor) and user B (on the internet but outside Tor)? I don't
their communication will pass by two nodes (relays), but what other node? How
does the hidden service provide service to them? Any authentication stuff?

Sorry if it's not related to this mailing list.

*Ehsan Moshiri (Enkidu)*
*Digital Forensic And Penetration testing Researcher*
*H/P:+96 111 2868 696*

*Linkedin: http://my.linkedin.com/pub/enkidu-moshiri/59/baa/90b/*
*Facebook: Enkidu Oshiri*
*wechat: Enkidu-Moshiri*