On Tue, Jul 29, 2014 at 10:50 AM, <[email protected]> wrote:
> Today I received a registered mail by the BKA, the German federal
> police, alerting me that some stuff related to the Dragonfly aka
> Energetic Bear backdoor Oldrea/Havex could be traced back to one
> of my IPs. The IP in question is the one with which I run my Tor
> exit node.

This is *probably* because an infected machine somewhere has been
configured to send *all* of its network traffic through Tor, including
traffic originated by the malware. I don't know why that would make
the BKA concerned enough to bother sending you a registered letter,
but here is my boilerplate response to queries like that:

[standard Tor exit explanation, then:]

| Scanners that aim to detect misconfigured, vulnerable, or infected
| computers will, from time to time, pick up Tor exits as false
| positives, whenever they happen to be emitting traffic that
| originates from such computers. By design, we have no way to pass
| your report along to the true source of the traffic. We can assure
| you that the actual computer at [EXIT'S IP ADDRESS] is not infected
| with any malware and is kept up to date with security fixes.
| However, you should expect it to continue to appear in your scans as
| a false positive.
