Tor

Tor is free software for enabling anonymous communication. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Routing is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays.


I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR

Just over two weeks ago, a client of mine had a Cryptowall 3.0 infection, starting from a workstation. It was quickly contained, and we restored from backup, and all is well now. One residual side effect caught me completely off guard, however.

Every Windows workstation on the domain began having the help_decrypt files launch at startup. We found those files in the startup folders on the local C drives of the workstations, as well as in many other folders on C. No files on any of those computers were encrypted, however.

I have never seen nor heard of a crypto variant showing this behavior. Did it find the C$ shares on the network?