[tor-relays] IP addresses as false positives?
eliaz at riseup.net
Tue Jan 6 10:34:36 UTC 2015
>> I run in a dedicated low-power box on my LAN, to save electricity. Is
>> that as good as a VM?
> Whichever way you like. If you've got all sorts of virii/malware
> going on in an environment of exposure you wouldn't want
> your regular personal files or activities exposed to that.
All my connections/boxes/firewalls are OK, generally get very few alerts
>> I don't know how to confirm that exits are MITMs. I can post the FPs of
> Turn off TBB, Tor, bridge, vidalia, socks, everything about tor.
> Browse to the same place/url you got an alert with normal Firefox
> over clearnet See if you get an alert.
>> the ones that show up, though. So far all the alerts lead me to
>> recognizable nodes that show up OK in Atlas, etc.
My mistake. One IP address can't be found in Atlas or Globe. See below.
> Others have not reported 'all these alerts' and exits "several days".
> If you wanted to you could post the name and version
> of your "AV program" and your OS version.
> And the full text of one of these alerts (if it's not
> sensitive to you) and the exit FP.
I've gone back to my records. The .txt attachment gives what I'd gotten
for three different IP addresses. I'm not panicked about this & don't
expect anyone to put more time into my query. But the different results
may interest someone. - eliaz
-------------- next part --------------
4:35 AM 1/6/2015
AV alerts on tor nodes
Here follow traces of IP addresses that provoked virus alerts in Avast Pro Antivirus. Five alerts from three IP addresses (2, 1, 2). These were interspersed with some other similar alerts for different IP addresses that I didn't record. See second trace below.
Trace 1 (2 instances)
Trace 2 (2 instances)
Object: https://188.8.131.52 (2 instances)
Fingerprint Not found:
Could not reach via Atlas or Globe. Clearnet browser times out; got tired of waiting for tor browser to connect. Ping times out. Tracert gives:
Tracing route to this.is.a.tor.exit.afo-tm.org [184.108.40.206]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
11 144 ms 142 ms 145 ms online-gw.ip4.gtt.net [220.127.116.11]
12 141 ms 143 ms 142 ms 18.104.22.168
13 * * * Request timed out.
15 * * * Request timed out.
16 * ^C
Trace 3 (1 instance)
All AV scanners up to date.
Tor box runs Avast Pro Antivirus, and runs tor only. I don't run a tor client from there.
Other box runs AVG Antivirus and usually runs clearnet Firefox. I can turn on torbrowser & vidalia as necessary, though. They were off while I tried to rouse Trace 2 in clear.
OSs are Win7 32 bit (tor box), 64 bit (other box)
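An added example, not part of this thread or of any Tor Project tool: the lookup the attachment did by hand against Atlas and Globe (is this alerting IP a Tor exit, and which relay?) can be done offline against the Tor Project's bulk exit list, whose TorDNSEL format is parsed below. The exit list text, fingerprints and 192.0.2.x / 198.51.100.x addresses embedded here are constructed sample data, not real relays; the one IP taken from the thread deliberately comes back as not listed.

```python
import re
from collections import defaultdict

# Constructed sample in the TorDNSEL bulk exit-list format (not real relays;
# fingerprints are filler and the addresses are documentation ranges).
SAMPLE_EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2015-01-05 22:10:00
LastStatus 2015-01-06 01:00:00
ExitAddress 192.0.2.10 2015-01-06 01:05:00
ExitAddress 198.51.100.7 2015-01-06 01:07:00
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2015-01-05 20:00:00
LastStatus 2015-01-06 00:30:00
ExitAddress 192.0.2.10 2015-01-06 00:40:00
"""

# A relay fingerprint is 40 uppercase hex digits.
FP_RE = re.compile(r"^[0-9A-F]{40}$")


def parse_exit_list(text):
    """Map each exit IP to the set of relay fingerprints seen exiting from it.

    One relay may list several ExitAddress lines, and several relays may share
    one exit IP, so the value is a set rather than a single fingerprint.
    """
    exits = defaultdict(set)
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "ExitNode" and len(parts) == 2 and FP_RE.match(parts[1]):
            current = parts[1]
        elif parts[0] == "ExitAddress" and current is not None and len(parts) >= 2:
            exits[parts[1]].add(current)
    return dict(exits)


def lookup_exit(ip, exits):
    """Return sorted fingerprints for ip, or None if it is not a listed exit."""
    fps = exits.get(ip)
    return sorted(fps) if fps else None


if __name__ == "__main__":
    table = parse_exit_list(SAMPLE_EXIT_LIST)
    for ip in ("192.0.2.10", "188.8.131.52"):  # second IP is the one from Trace 2
        print(ip, "->", lookup_exit(ip, table) or "not a listed exit")
```

An IP that is absent from the exit list at the alert's time is evidence the alert was not tied to a Tor exit at all, which is the same conclusion the clearnet re-test in the quoted advice is meant to reach.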