[tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It

Dr Gerard Bulger gerard at bulger.co.uk
Mon May 30 08:57:13 UTC 2016 

I had a very annoying control freak systems administrator some years back
working on systems I owned, but he sought absolute control so he changed
passwords everywhere.  He could not understand how message-of-the-day or
banner would continue to change. To my amusement never mentioned to me the
"security breaches".

He never saw that I had a Zebedee reverse tunnel connecting to the Unix
server's telnet running out on port 443 out my own external server.  Then
noticed that in /etc/passwd there was another login with 0:0 root
permissions.   None of his changes to passwords, including root, or fiddling
with the router could lock me out and of my control. 

About the only way I can see that your scenario of entry into a system is
that an old machine is running a reverse tunnel.  I doubt passwords were
ever cracked.

If I had all those breaches described and a mysterious Tor on my network I
think I'd need to check I was taking my tablets


Gerry



Dr Gerry Bulger
-----Original Message-----
From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On Behalf
Of Andrea
Sent: 30 May 2016 07:58
To: tor-relays at lists.torproject.org
Subject: Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It


I suggest a clean install of your computers and your smartphones. For your
smartphone: don't use the factory reset, make sure that its firmware gets
flashed.

Most viruses or malware don't wait within your computer's bios for a new
opportunity. Don't allow "autostart" for usb sticks or other data storages.
Use cds or dvds provided by someone you trust to check on your computers and
then do a clean install.

If you need any advice mail me off list. Maybe I can help with this.

~Andrea


On 5/30/2016 12:23 AM, Percy Blakeney wrote:
> I did just that.  TWICE.  I now have a total of 5 phones, 3 laptops, 2 
> desktops 2 printers, and I'm now on my third router/modem.  Whomever, 
> whatever this is knows how to get into the firmware.  I know this 
> sounds crazy but it's true. I'd give anything for someone to come here 
> and see for themselves.
> 
> On Sun, May 29, 2016 at 3:53 PM, Mirimir <mirimir at riseup.net 
> <mailto:mirimir at riseup.net>> wrote:
> 
>     On 05/29/2016 10:27 AM, Percy Blakeney wrote:
>     > Whomever is and has been behind this is selective with what I can
and can't
>     > see.  I KNOW our electronics are and have been controlled since we
moved
>     > here January 2014.  I know this because at one time "they" were
interacting
>     > with me on via my desktop.  I was asked if "they" could run a d-bus
session
>     > on another computer I have connected.  Not knowing what a d-bus
session was
>     > "they" gave me a step by step run down on how to do it.  I did what
"they"
>     > asked because it was kind of exciting.  Now in retrospect it's more
scary
>     > than anything else. ...
> 
>     Given what you've said, you might want to replace all of your
>     electronics. The router, and all computers and other devices that have
>     been connected to it, through wires or WiFi. Maybe also change ISP.
> 
>     That may seem extreme. For computers, it might be sufficient to
replace
>     HDDs/SSDs. But smartphones, you should just replace entirely. The
>     concern is that malware can be hidden in other components, not just in
>     HDDs/SSDs.
> 
>     Also, be very careful about transferring files from old machines. If
you
>     must, transfer individual files, not entire folders. Ideally, you
would
>     scan each file for malware in an intermediate throwaway machine,
running
>     a different OS. Maybe OSX, if your other machines are Windows and
Linux.
>     Or Windows, if your other machines are OSX and Linux. You can use USB
>     flash drives. But use a given one only for a given pair of machines,
to
>     reduce the risk of transferring malware.
> 
>     <SNIP>
> 
>     _______________________________________________
>     tor-relays mailing list
>     tor-relays at lists.torproject.org
<mailto:tor-relays at lists.torproject.org>
>     https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list