[tor-relays] Received botnet/drone abuse complaint

Steve Snyder swsnyder at snydernet.net
Tue Jan 3 04:31:07 UTC 2012


I received a botnet/drone complaint from shadowserver.org today (delayed 
due to holidays) regarding my exit node:

timestamp ip port type infection cc cc_port
12/29/2011 19:52 173.208.132.210 48586 32097 US MISSOURI KANSAS CITY tcp 
mebroot ukixxuug.com|MAOS/0EC20201 14DF137A55320641 84.163.151.128 80 
3320 DE 1

If I'm reading this correctly, they identify "mebroot" as the source of 
the problem.  As this is a Windows MBR trojan it obviously doesn't apply 
to my Linux system.  I scanned my system anyway and found no unexpected 
processes running.

My DirPort is set to 80, which may explain that value in the complaint.

Any thoughts on what to do to avoid further complaints?  Shadowserver 
addresses the topic of Tor exits here:

http://www.shadowserver.org/wiki/pmwiki.php/Involve/TORNodesAndReporting

Thanks.

