[tor-relays] suspicious exit?
JB
technomental at gmail.com
Sun Jun 8 20:05:42 UTC 2014
Thanks Mike and Grampa(?) for the replies.
Will send a notification to the exit node admin tomorrow.
And just wish that that small minority of ediots weren't fucking up the
world for us.
I guess if I was running an exit I'd spend my life sniffing packets.
But I see that's frowned upon.
Slippery slope slippery slopes....
On 07/06/2014 10:28, Michael Wolf wrote:
> On 6/6/2014 7:39 PM, JB wrote:
>> I just setup my relay node today, and am keeping a hawkish(ish) eye on
>> traffic.... And noticed a flurry of activity from SSH port (22) at
>> 5.104.224.5 - which is listed as an exit.
> That exit node uses port 22 as its ORPort (where other relays send Tor
> traffic). There is nothing suspicious about this. You can verify this
> info here:
>
> https://globe.torproject.org/#/relay/30D983762D3993AD8F17EB5DCD522A5D6AAE8C59
>
>> But it's also listed onhttp://cbl.abuseat.org/lookup.cgi?ip=5.104.224.5
>> as infected (or NATting for a computer that is infected) with the
>> Conficker botnet.
> Exits are going to show up in all sorts of lists, because a small group
> of bad people abuse Tor. Exit nodes get blamed because the "victims"
> think the traffic actually originates at the exit.
> Mikedddd
>> I've black-holed it in the meantime, but am wondering if I'm being
>> overly cautious...
> Yes :) Please don't block other tor nodes. Tor can communicate to/from
> any port the admin has configured.
>
> -- Mike
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
More information about the tor-relays
mailing list