[tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It

Percy Blakeney di99in5 at gmail.com
Sun May 29 16:50:53 UTC 2016 

Back in March I was taking screenshots and pictures with my android of the
different folders and files.  Days after I started to accumulate them I
started to notice they were disappearing from both my phone and computer so
I started to write down everything in a binder.  This was the first files I
found:

Tor accept 192.168.0.0/16
control port 9051
hashed control password
16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
hidden service port 80 127.0.0.1:80
hidden service port 22 127.0.0.1:22 (e.g. advertise 443 but bind to 9090)
outgoing traffic 10.0.0.5
nicknamed ididntedittheconfig
each period starts daily at midnight each period starts on the 3rd of the
month at 15:00
contact google Random Person <nobody AT example dot com>
directory connections 9030 (e.g. advertise 80 but bind to 9091)
entry guard 4B7B73D5A1F789ED2411A90E03C49C91652FDB95
entry guard AA1B026EE0C8A958E29C67C7D8885FF27572269D
entry (Alligator) 774969EEAA906F269C4E4E1D2E3D8711DA601491
exit fast guard HSDir running stable V2Dir Valid
Pascal 7 Raspberry PI Tor Relay torhbasd brasshornrelay11 cryptonanus
fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226
tor pid 1597
network manager pid 906
IPv6 privacy RFC4941
ssh agent 1377

When I ran a several different network scans from my android I found my
2.4ghz and 5 ghz wifi names along with HOME-E2DE 2.4 and 5.  My wifi
networks run off channel 6 while the 'HOME' one runs off channel 1.

On Sun, May 29, 2016 at 12:27 PM, Percy Blakeney <di99in5 at gmail.com> wrote:

> Whomever is and has been behind this is selective with what I can and
> can't see.  I KNOW our electronics are and have been controlled since we
> moved here January 2014.  I know this because at one time "they" were
> interacting with me on via my desktop.  I was asked if "they" could run a
> d-bus session on another computer I have connected.  Not knowing what a
> d-bus session was "they" gave me a step by step run down on how to do it.
> I did what "they" asked because it was kind of exciting.  Now in retrospect
> it's more scary than anything else.  There are files on my Linux computers
> that show me what to display if I run a netstat command or nstat command so
> even when I try to figure things out I'll continue to get the same results
> every time. Terminal fortune cookies were installed without me installing
> them.  One time upon opening up my terminal the little penguin's thought
> cloud said this: "I am number 2.  You are number 6."  Though I know a
> terminal only takes commands I impulsively typed back within it, "I am not
> a number.  I'm a free man!"  Immediately after I typed that in this popped
> up after my sentence, "I am not a number.  I'm a free man-tor!"  And it was
> then that I started going through my folders and files and found everything
> Tor related.  Even some link that told me I was running through a Tor
> router.
>
> On Sun, May 29, 2016 at 12:09 PM, Arjen <arjenvanweelden at gmail.com> wrote:
>
>> On 05/29/2016 05:28 PM, Percy Blakeney wrote:
>>
>>> Like I stated a few minutes ago, I am and have been running Tor from my
>>> location yet I have nothing to do with it.  I have been sitting on this
>>> for a while.  Before anyone comes down on me for it, you have to
>>> understand what I've been going through with my network.  Tor is only
>>> the tip of the iceberg.  This is as of today:
>>>
>>> usr/share/tor/tor-service-defaults-torrc
>>>
>>> DataDirectory /var/lib/tor
>>> PIDFile /var/run/tor/tor.pid
>>> RunasDaemon 1
>>> user debian-tor
>>> control socket /var/run/tor/control
>>> control socket group writable 1
>>> cookie authentication 1
>>> cookie auth file group readable 1
>>> cookie auth file /var/run/tor/control-authcookie
>>> log notice file /var/log/tor/log
>>>
>>> etc/tor/torrc
>>>
>>> contact info 0xFFFFFFFF Random Person <nobody AT example dot com>
>>> #Dirport 80 No Listen
>>> #Dirport 127.0.0.1:9091 <http://127.0.0.1:9091> No Advertise
>>> #Dirport front page /etc/tor/tor-exit-notice.html
>>> #Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more
>>> #accept *:119 # accept nntp as well as default exit policy
>>>
>>>
>> The hashes (#) in from of the lines are part of the default inline
>> documentation in the torrc file, and should have no effect because they are
>> comments.
>> It looks like you or someone with root access installed Tor on your
>> computer. You did not send enough of the torrc file to see if it is
>> configured as an exit. It could just be the default configuration after a
>> "sudo apt-get install tor"...
>>
>> If you just want to remove Tor from your machine (which runs Debian?),
>> you could just do: sudo apt-get remove tor
>> However, that might remove any clues as to who installed Tor and why.
>>
>> var/lib/tor
>>>
>>> lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
>>> cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not
>>> visible to me)
>>> cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not
>>> visible to me)
>>> cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is
>>> not visible to me)
>>> state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible)
>>> cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content
>>> is not visible to me)
>>>
>>>
>> The contents of the files and logs might only be readable by root, so
>> using sudo might help to read them.
>>
>> tor.pid-32156
>>>
>>> /var/lib/tor/state
>>>
>>> #Tor state file last generated on 2016-05-25 04:36:02 local time
>>> #Other times below are in UTC
>>> #You *do not* need to edit this file.
>>>
>>> EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
>>> EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2  0.2.4.27
>>> 2016-04-28 16:16:20
>>>
>>> THERE'S WAY more to the above file but I'm not sure what I should and
>>> shouldn't share on here.  As a matter of fact, I'm not sure what half of
>>> this stuff means so I've spent the last few months trying to educate
>>> myself on as much of this as possible.  Like I said, I am MORE than
>>> willing to talk to anyone out there who may be able to help.
>>>
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160529/234bc896/attachment-0001.html>

More information about the tor-relays mailing list