Michael Scheidell
2011-Apr-16 09:15 UTC
193.138.118.3 ? lagoon.freebsd.lublin.pl / cache.freebsd.lublin.pl on TOR end point list?
We keep getting security alerts that lagoon.freebsd.lublin.pl (the authoritative DNS server for freebsd.lublin.pl) is on the 'TOR' end point node list. We get this alert when our DNS server looks up the IP for cache.freebsd.lublin.pl

<http://doc.emergingthreats.net/bin/view/Main/TorRules>

This concerns me if freebsd is using a mirror that has possible ties to hacker or other nefarious network related activity.

Can anyone tell me if:

A) this might be a FP? that lagoon.freebsd.lublin.pl is NOT associated with this type of activity?
B) if so, should the small chance that they are involved in this prohibit them from being on any RR link for ports source code lookups?
C) am I too paranoid? it's 5am localtime, go back to bed?

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine
Przemyslaw Frasunek
2011-Apr-16 09:31 UTC
193.138.118.3 ? lagoon.freebsd.lublin.pl / cache.freebsd.lublin.pl on TOR end point list?
> This concerns me if freebsd is using a mirror that has possible ties to hacker
> or other nefarious network related activity.

Well, this is my network and my box, so I will try to clarify all issues.

> A) this might be a FP? that lagoon.freebsd.lublin.pl is NOT associated with
> this type of activity?

freebsd.lublin.pl does not host any FreeBSD mirrors. It's a shell server with ~300-400 accounts, running for 14 years. I personally know (almost) every person having an account here. We have TOR installed (without exit node functionality), but it's not used for any kind of illegal activities.

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin@nette.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *