[tor-relays] How does CERT-FI know my SOCKS4 port?

mick mbm at rlogin.net
Wed Jul 10 16:58:18 UTC 2013

On Wed, 10 Jul 2013 17:04:12 +0200
Logforme <m7527 at abc.se> allegedly wrote:

> I assume the ISP did a port scan. Do you have port 9050 open in your 
> firewall?

Unlikely. I think it would be very unusual for an ISP in any country to
portscan anyone without prior authority (such as would appear in a
contract). Such action is illegal in may jurisdictions. And in any case,
Steve has already said that his socks port is bound only to localhost
( The report from CERT-FI must simply record the fact that
they have seen (or had reported) apparent open proxy relaying from
Steve's IP address with source port 9050. Without a lot more detail
about configuration, and the exact details of the reporting from
CERT-FI it is difficult to make any assumptions.

If I were Steve, I would contact CERT-FI directly for more information.
They are likely to be very helpful.


> On 2013-07-10 15:57, Steve Snyder wrote:
> > My ISP recently sent to me a CERT-FI auto-report on
> > malware-infected servers in my ISP's address space.  I was send
> > this report because my IP address was among those flagged.  My
> > entry looks like this:


 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130710/2653fdf3/attachment.sig>

More information about the tor-relays mailing list