On Wed, Jul 15, 2009 at 08:16:48AM -0400, Praedor Atrebates wrote:
> I am running Mandriva with its interactive firewall enabled so it alerts me
> whenever a connection is attempted, including tor network connections to port
> 9001. Usually the source is logical: an ip address or a system name but just
> this morning I found an odd one I've never seen before. A connection to my
> port 9001 was made by '.' , that is, just <dot>. No address.
>
> What is this?

One of the Tor relays rigged its reverse resolve to be the address ".".

See e.g.
http://trunk.torstatus.kgprog.com/router_detail.php?FP=2df3d078f8869eb9b94991e73a4561de070d7615

Of course, it could have been some other address that was connecting
and also set its reverse resolve to ".". Trusting reverse resolves isn't
so smart, it turns out.

--Roger
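
The point about reverse resolves, as an added example that is not part of the original message: a forward-confirmed reverse DNS check, which always shows the IP and treats the PTR name as a claim until it resolves back to the same address. The function names, sample addresses and sample names are assumptions constructed for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (OSError, UnicodeError):
        return set()

def label_for_peer(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Text to display for a connecting peer. The IP is always shown, and
    the PTR name is marked confirmed only if it resolves back to that IP."""
    addr = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return f"{addr} (no PTR)"
    bare = name.rstrip(".")
    if not bare:  # PTR target is the DNS root, as in the report above
        return f"{addr} (PTR is the root name '.', ignored)"
    forward = set()
    for text in forward_lookup(bare):
        try:
            forward.add(ipaddress.ip_address(text))
        except ValueError:  # e.g. scoped IPv6 text on older Pythons
            continue
    if addr in forward:
        return f"{addr} ({bare}, forward-confirmed)"
    return f"{addr} (PTR claims {bare!r}, unconfirmed)"

# Constructed sample records (documentation addresses and example names).
SAMPLE_PTR = {"192.0.2.10": ".", "192.0.2.20": "relay.example.net",
              "192.0.2.30": "bank.example.com"}
SAMPLE_FWD = {"relay.example.net": {"192.0.2.20"},
              "bank.example.com": {"198.51.100.5"}}

def sample_label(ip):
    """label_for_peer() run against the constructed records, no network."""
    return label_for_peer(ip, SAMPLE_PTR.get,
                          lambda name: SAMPLE_FWD.get(name, set()))

if __name__ == "__main__":
    for peer in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(sample_label(peer))
```

Calling `label_for_peer(ip)` with no other arguments uses the system resolver instead of the constructed records.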