hi all,

i operate the "cave" router from my home DSL connection, and from time to time it will get suspended because CenturyLink will notice malicious traffic from viruses routed through the Tor network. most of the time i can block these because they will tell me destination IP addresses. but lately my service has been getting suspended because of this "zeus" virus, and the reports my ISP sends don't have any destination IP addresses.

below is a sample report of what they send me. you can see that with the 'conficker' one there is a dst address that i can block, but with zeus there is practically no data. (the IP Address column is what my IP address was at the time)

i have asked CenturyLink for more info, specifically destination IP addresses, but this is all they give me. so does anyone know of a way to block this zeus through Tor?

thanks
Date/Time Seen (GMT)   IP Address       Infection Data (*)
--------------------   ---------------  ------------------------------
2012-08-20 00:56:32    67.1.15.107      infection => 'zeus', addl_data => '/config.bin'
2012-07-30 15:06:13    97.115.197.107   infection => 'zeus', addl_data => '/zs/config.bin'
2012-07-26 23:17:48    97.115.196.146   infection => 'conficker', subtype => 'downadup', src_port => '49510', dst_port => '80', http_host => '149.20.56.33', url => 'GET /search?q=0 HTTP/1.1', http_agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)', dst_ip => '149.20.56.33', sourceSummary => 'Sinkhole HTTP Drone Report'
2012-07-04 18:46:35    97.115.192.31    infection => 'zeus', addl_data => '/update32.php'

tor-talk mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
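The post's own procedure is "block the destination IP the ISP report names", which for a Tor exit means an ExitPolicy reject line in torrc. The following script is an added example, not code from the poster or from the Tor project: it parses the report format quoted above (the four sample lines are embedded verbatim), emits one `ExitPolicy reject addr:port` line per record that carries a `dst_ip`, and separates out the records that name no destination at all, which is exactly the zeus case the poster is stuck on. The field names (`dst_ip`, `dst_port`, `infection`, `addl_data`) are the ones that appear in the report; the `key => 'value'` layout is assumed to be consistent across lines.

```python
import re

# Sample report lines copied from the ISP notice quoted in the post above.
SAMPLE_REPORT = """\
2012-08-20 00:56:32 67.1.15.107 infection => 'zeus', addl_data => '/config.bin'
2012-07-30 15:06:13 97.115.197.107 infection => 'zeus', addl_data => '/zs/config.bin'
2012-07-26 23:17:48 97.115.196.146 infection => 'conficker', subtype => 'downadup', src_port => '49510', dst_port => '80', http_host => '149.20.56.33', url => 'GET /search?q=0 HTTP/1.1', http_agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)', dst_ip => '149.20.56.33', sourceSummary => 'Sinkhole HTTP Drone Report'
2012-07-04 18:46:35 97.115.192.31 infection => 'zeus', addl_data => '/update32.php'
"""

# date, time, the relay's public IP at the time, then the key => 'value' list
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d) (\S+) (.*)$")
# one report field: key => 'value'  (values in the sample contain no quotes)
FIELD_RE = re.compile(r"(\w+) => '([^']*)'")


def parse_report(text):
    """Turn the ISP report into a list of dicts, one per line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # header / separator lines are skipped
        date, time, ip, rest = m.groups()
        fields = dict(FIELD_RE.findall(rest))
        records.append({"seen": f"{date} {time}", "ip": ip, **fields})
    return records


def exit_policy_rejects(records):
    """One torrc 'ExitPolicy reject addr:port' line per distinct dst_ip/dst_port."""
    rules = []
    seen = set()
    for r in records:
        dst = r.get("dst_ip")
        if not dst:
            continue  # nothing to block without a destination
        port = r.get("dst_port", "*")
        rule = f"ExitPolicy reject {dst}:{port}"
        if rule not in seen:
            seen.add(rule)
            rules.append(rule)
    return rules


def unblockable(records):
    """Records that name no dst_ip: an exit policy has nothing to act on."""
    return [r for r in records if not r.get("dst_ip")]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print("# add to torrc (above the final accept/reject line):")
    for rule in exit_policy_rejects(recs):
        print(rule)
    print("# report entries with no destination address:")
    for r in unblockable(recs):
        print(f"{r['seen']}  {r['infection']}  {r.get('addl_data', '')}")
```

Run against the sample, the only emitted rule is for 149.20.56.33:80, which the report itself labels a sinkhole (`sourceSummary => 'Sinkhole HTTP Drone Report'`), and all three zeus entries land in the "no destination" list, which is the gap the poster is asking the ISP to fill. Note that `ExitPolicy` lines are evaluated in order, so the rejects must precede any broad `accept *:*`.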
