[tor-relays] How does CERT-FI know my SOCKS4 port?

Steve Snyder swsnyder at snydernet.net
Wed Jul 10 13:57:12 UTC 2013

My ISP recently sent to me a CERT-FI auto-report on malware-infected 
servers in my ISP's address space.  I was send this report because my IP 
address was among those flagged.  My entry looks like this:

51765|aa.bbb.ccc.dd|2013-07-08 02:39:23 +0000|||Proxy|743230|Datasource: 
C, Type: SOCKS4 (9050)

I am wondering how CERT-FI knows about this port.  This is a snippet of 
my relay config:

OutboundBindAddress aa.bbb.ccc.dd
ORPort [aa.bbb.ccc.dd]:443
DirPort [aa.bbb.ccc.dd]:80
SocksPort []:9050

Given that my SOCKS port is bound to localhost, how does CERT-FI know 
about it?

(For more info on the auto-reporter, go to 
https://www.cert.fi/en/autoreporter/autoreporter.html and log into it 
with this username/password: auto/reporter)


More information about the tor-relays mailing list