[tor-talk] Tor relay activity from Antarctica

Collin Anderson collin at averysmallbird.com
Thu Aug 29 05:30:11 UTC 2013


MaxMind, the database that powers the location tracker, is far from perfect
and will accept IP prefix registration information blindly. For example, on
my throttling work I found Iranian hosts with orders of magnitude faster
connections than anything else, only to realize they were actually web
servers in the Netherlands but registered to people inside Iran. I'd bet if
you found the actual IP address it would be in some place decidedly more
banal.

On Aug 28, 2013 12:56 PM, "lee colleton" <lee at colleton.net> wrote:

> There is an indication that computers are connecting to the "Tor"
> anonymizing proxy network from Antarctica. This information is anonymously
> self-reported by the connecting client computers and it's entirely possible
> that the locations are inaccurate. However, there is also a possibility
> that malicious software has been installed on computers in one of your
> research stations which is using the Tor network for command-and-control
> purposes, unbeknownst to the owners. I would encourage you to investigate
> this matter.
>
> I'm an operator of Tor relays and take an interest in the activity on the
> network, but I'm not directly affiliated with the Tor Project
> <https://torproject.org> nor do I claim to represent them.
> Please refer to their website for further
> information and official contact addresses. I've also sent this message to
> their mailing list should you wish to follow up there.
>
> Kind regards,
> Lee Colleton
>
> [image: Inline image 1]
> <https://metrics.torproject.org/direct-users.png?start=2013-05-29&events=off&end=2013-08-27&country=aq>

