On Mon, Jun 14, 2010 at 4:27 PM, <[email protected]> wrote:
> Last thing was that their honeypots recorded access of an IRC-Bot to a
> "Command & Control Server" from which it got orders to launch a
> DDos-attack. First, I wonder why this bot contacts their honeypots and
> gets new commands from them. And second, the exit policy of my node does
> not allow IRC.
>
> For me this makes no sense at all.
>
From my experience, Shadowserver has a habit of being overzealous like this. I've never dealt with them in the context of Tor, but I had an experience trying to get them to remove a large, legitimate IRC network from their blacklists a while ago (apparently, some wireless providers use these blacklists to block traffic by IP). My impression is that anything that they consider to be even peripherally related to botnet or spam activity gets blacklisted and reported, without much further investigation. I was told that they removed those servers from their blacklists, but as of now (many months later), they are still listed.

Many ISPs are willing to simply ignore automated and often-incorrect abuse reports like these.

- John

***********************************************************************
To unsubscribe, send an e-mail to [email protected] with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/

