[tor-relays] How does CERT-FI know my SOCKS4 port?

mick mbm at rlogin.net
Wed Jul 10 16:58:18 UTC 2013


On Wed, 10 Jul 2013 17:04:12 +0200
Logforme <m7527 at abc.se> allegedly wrote:

> I assume the ISP did a port scan. Do you have port 9050 open in your 
> firewall?

Unlikely. I think it would be very unusual for an ISP in any country to
portscan anyone without prior authority (such as would appear in a
contract). Such action is illegal in many jurisdictions. And in any case,
Steve has already said that his socks port is bound only to localhost
(127.0.0.1). The report from CERT-FI must simply record the fact that
they have seen (or had reported) apparent open proxy relaying from
Steve's IP address with source port 9050. Without a lot more detail
about configuration, and the exact details of the reporting from
CERT-FI, it is difficult to make any assumptions.

If I were Steve, I would contact CERT-FI directly for more information.
They are likely to be very helpful.

Mick

> On 2013-07-10 15:57, Steve Snyder wrote:
> > My ISP recently sent to me a CERT-FI auto-report on
> > malware-infected servers in my ISP's address space.  I was sent
> > this report because my IP address was among those flagged.  My
> > entry looks like this:

---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------
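
An added example, not part of the original message: one way for a relay operator to confirm locally that the SOCKS port is bound only to 127.0.0.1, by decoding the kernel's listening-socket table. It assumes Linux, IPv4 only, and a little-endian host; the table below is a constructed sample in /proc/net/tcp layout, and ports 9050 and 9001 in it are illustrative.

```python
import ipaddress

# Constructed sample in Linux /proc/net/tcp layout (not data from the thread).
# 0x235A = 9050, 0x2329 = 9001; state 0A = LISTEN, 01 = ESTABLISHED.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   107        0 11111 1
   1: 00000000:2329 00000000:0000 0A 00000000:00000000 00:00000000 00000000   107        0 22222 1
   2: 0100007F:235A 0100007F:C350 01 00000000:00000000 00:00000000 00000000   107        0 33333 1
"""

TCP_LISTEN = 0x0A


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # The address is stored in host byte order; little-endian is assumed here,
    # so the bytes are reversed to get network order.
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return addr, int(port_hex, 16)


def listeners(table_text):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established connections are not listeners
        found.append(decode_endpoint(cols[1]))
    return found


def exposure(table_text, port):
    """Classify how a TCP port is bound on this host."""
    addrs = [a for a, p in listeners(table_text) if p == port]
    if not addrs:
        return "not listening"
    if all(a.is_loopback for a in addrs):
        return "loopback only"
    return "bound beyond loopback"


if __name__ == "__main__":
    for port in (9050, 9001):
        print(port, exposure(SAMPLE_PROC_NET_TCP, port))
```

On a live system, pass the contents of /proc/net/tcp instead of the sample; a port bound beyond loopback may still be blocked by a firewall, which this check does not see.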
