Computer Tips -Tech Info



« | »

Anonymized Botnet?

Sans has a story on botnet traffic spotted coming from the TOR network. Now, I had to refresh my memory on what TOR is, but it’s an anonymizing network, essentially a computer running TOR, would collect a list of TOR client machines on the internet and then connections to other pcs are routed through encrypted connections through several different pcs, which masks the origination of the data request. Of course, this doesn’t mean that botnets are actively making use of TOR, it could just be an inadvertant…. “route all my traffic through TOR” computer got a bug….


Of course, now that this has been reported though…. we may well start seeing intentional use of anonymizing services for malware. It certainly looks as though it could muddy the waters in a few areas. Sans is suggesting Enterprise networking setups might consider blocking TOR.

They’ve also updated to say that it appears as though this is NOT a botnet specifically making use of TOR, but a machine that is routing all traffic through TOR that has picked up a bug.

Related Posts

Blog Traffic Exchange Related Posts Blog Traffic Exchange Related Websites
www.pdf24.org    Send article as PDF   

Posted by on July 12, 2006.

Tags: , , , ,

Categories: Computers, Networking, Security

« | »




Recent Posts


Pages



Switch to our desktop site