Flipchan wrote:
So something that listens on port 9001 and logs all incoming request
just to see if there is anything scanning for Tor ports and trying to
hack them, has this been done? Would be cool to look at the data from
that if anyone got a link. I cant be able to find something like this
online:/
Hi there,
One of the cooler projects like this was Roya's active probing
research on the Great Firewall[1]. In her case, she ran a private
bridge (not distributed, only for her research use), connected to the
bridge once from within China, then watched for new connection attempts.
She also ran a packet capture for a day to help find patterns (as,
again, no one's traffic passed through except hers). And it's easy to
run a service on port 9001, do the connection, then remove the service
if you don't want to use tor. =)
There are lots of misc scans going on, which mostly seem to be
curiosity. Whenever an interesting/weird piece of malware comes out
(which opens a rando port), I will occasionally do a scan to see how
many machines may be infected. Funny story: after an NSA backdoor
report came out, I found that millions of devices had that port open via
a scan. After a brief freakout, I investigated further and found that a
popular "smart TV" used the same port. :D All of this to say, of
course, that the follow-up investigating and research matter a lot heh.
~Griffin
[1]
http://www.cs.princeton.edu/~rensafi/projects/active-probing/index.html
--
Accept what you cannot change, and change what you cannot accept.
PGP: 0x03cf4a0ab3c79a63
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
