both my servers crashed

Thomas Sjögren thomas at northernsecurity.net
Sun Apr 24 11:16:35 UTC 2005


On Sun, Apr 24, 2005 at 01:08:59PM +0200, Ron Davis wrote:
> On second thought, I suspect that the intruder may have entered the
> system via Tor. My system is behind a hardware firewall, which has ports
> 9001 and 9050 forwarded only. All other ports are closed for incoming
> traffic. While the intrusion happened, a software firewall and a virus
> guard were running on the pc. Tor is the only application that listens
> on 9001 and 9050. The firewall and guard both have update checkers that
> use port 80 outgoing. No other applications were running. Is it likely
> that an unstable Win OS starts listening on ports 9001 or 9050?
> 
> OTOH, the virus guard didn't intercept the intrusion. Maybe it wasn't
> functioning anymore because of the unstable OS? Will an unstable OS open
> ports? I'm just thinking out loud now.

Could you check the date (created, accessed, modified etc) on the unwanted 
binaries and compare it with your tor log?
Any general system logs available?
What was installed, except the known software?
Was your AV up to date?

/Thomas
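
Added example, not part of the original message: one way to do the timestamp comparison suggested above, assuming the Tor log uses a `Mon DD HH:MM:SS.mmm [level] message` line layout in local time. The function names, the sample log lines and the five-minute window are constructed for illustration; file timestamps can be altered by an intruder or refreshed by an AV scan, so treat a match as a lead rather than proof.

```python
import os
from datetime import datetime, timedelta

# Constructed sample log lines (assumed Tor layout: "Mon DD HH:MM:SS.mmm [level] msg").
SAMPLE_LOG = """\
Apr 23 21:58:02.114 [notice] constructed sample startup line
Apr 23 22:14:40.902 [warn] constructed sample warning A
Apr 23 22:15:10.031 [warn] constructed sample warning B
Apr 24 03:00:00.000 [notice] constructed sample notice C
"""

def parse_tor_log(text, year):
    """Yield (datetime, line). The log omits the year, so the caller supplies it."""
    for line in text.splitlines():
        try:
            stamp = datetime.strptime(f"{year} {line[:19]}", "%Y %b %d %H:%M:%S.%f")
        except ValueError:
            continue  # blank lines or lines in another format are skipped
        yield stamp, line

def file_times(path):
    """Return the file's timestamps as local, naive datetimes."""
    st = os.stat(path)
    return {
        "modified": datetime.fromtimestamp(st.st_mtime),
        "accessed": datetime.fromtimestamp(st.st_atime),
        # On Windows st_ctime is the creation time; on Unix it is the inode change time.
        "created/changed": datetime.fromtimestamp(st.st_ctime),
    }

def correlate(times, log_entries, window=timedelta(minutes=5)):
    """Return (kind, file_time, log_line) for each log entry within `window` of a file time."""
    hits = []
    for kind, ftime in sorted(times.items(), key=lambda kv: kv[1]):
        for stamp, line in log_entries:
            if abs(stamp - ftime) <= window:
                hits.append((kind, ftime, line))
    return hits

if __name__ == "__main__":
    entries = list(parse_tor_log(SAMPLE_LOG, 2005))
    # Constructed timestamp standing in for file_times(<path to a suspect binary>).
    suspect = {"modified": datetime(2005, 4, 23, 22, 15, 0)}
    for kind, ftime, line in correlate(suspect, entries):
        print(f"{kind} {ftime}  <->  {line}")
```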