On 7 March 2017 at 00:56, scar wrote:
> Jon Tullett wrote on 03/03/2017 10:47 AM:
>>
>> On 28 February 2017 at 06:07, scar wrote:
>>>
>>> I believe we should encourage
>>> sinkhole/honeypot operators to just block/ignore Tor exit IPs that
>>> connect
>>> to their traps. what do you all think?
>>
Anyone know about this and how to block it? usually there is a dst_ip
field but not in this case
infection => 'bots', subtype => 'dorkbot', port => 'tor-node', naics =>
'518210', public_source => 'AnubisNetworks', asn => '209', tag =>
'sinkhole', sector => 'Communications', family => 'dor
Jon Tullett wrote on 03/03/2017 10:47 AM:
On 28 February 2017 at 06:07, scar wrote:
I believe we should encourage
sinkhole/honeypot operators to just block/ignore Tor exit IPs that connect
to their traps. what do you all think?
Wouldn't that risk giving away the fact that it's a honeypot?
On 28 February 2017 at 06:07, scar wrote:
> I believe we should encourage
> sinkhole/honeypot operators to just block/ignore Tor exit IPs that connect
> to their traps. what do you all think?
Wouldn't that risk giving away the fact that it's a honeypot?
-J
--
tor-talk mailing list - tor-talk@l
I receive notice quite often (1-2 times/month) from my ISP that they
'detected malicious software' from my IP, ranging from virus, drones,
worms, robots, etc. I am using the 'reduced exit policy' for the node.
Fortunately i am able to update my exit policy with a reject entry. in
hopes it wil