Tor
7 Solutions, 60 Contributors

Tor is free software for enabling anonymous communication. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Routing is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays.
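The nested-layer construction described above, as an added example that is not Tor's own code: the client encrypts once per hop, innermost layer for the exit relay first, and each relay peels exactly one layer, learning only who handed it the cell and who gets it next. Tor negotiates an AES-CTR key with each relay in a handshake; here a keyed SHA-256 counter-mode keystream stands in for AES-CTR, the per-hop keys are fixed demo constants, and the relay names, destination and payload are invented so the script runs offline.

```python
"""Toy walkthrough of Tor-style layered (onion) encryption.

Added example, not Tor's own code.  A keyed SHA-256 counter-mode keystream
stands in for the AES-CTR Tor actually uses; keys are fixed demo constants.
Relay names, destination and payload are invented.
"""
import hashlib

PATH = ["guard", "middle", "exit"]  # hypothetical 3-hop circuit, client side first
# Stand-in for the per-hop session keys the client would get from each handshake.
HOP_KEYS = {r: hashlib.sha256(b"demo-key:" + r.encode()).digest() for r in PATH}


def keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (demo stand-in, not a real cipher)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_layer(key: bytes, data: bytes) -> bytes:
    """Apply one onion layer: XOR with the hop's keystream (same op peels it)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def wrap(next_hop: str, inner: bytes) -> bytes:
    """Cell layout under one layer: 1-byte name length, next-hop name, inner bytes."""
    name = next_hop.encode()
    return bytes([len(name)]) + name + inner


def unwrap(cell: bytes):
    n = cell[0]
    return cell[1:1 + n].decode(), cell[1 + n:]


def build_onion(path, keys, dest: str, payload: bytes) -> bytes:
    """Client: encrypt for the exit first, then add one layer per hop outward."""
    cell = xor_layer(keys[path[-1]], wrap(dest, payload))  # only the exit sees dest
    for hop, next_hop in zip(reversed(path[:-1]), reversed(path[1:])):
        cell = xor_layer(keys[hop], wrap(next_hop, cell))
    return cell


def relay_process(name: str, keys, cell: bytes, came_from: str):
    """One relay: peel its own layer, learn only the next hop, forward the rest."""
    next_hop, inner = unwrap(xor_layer(keys[name], cell))
    # What this relay can observe: neighbours and the length of what it forwards.
    view = {"relay": name, "prev": came_from, "next": next_hop, "fwd_len": len(inner)}
    return view, next_hop, inner


def run_circuit(path, keys, dest: str, payload: bytes):
    """Push one cell through the circuit; return each relay's view and the exit output."""
    cell = build_onion(path, keys, dest, payload)
    views, came_from = [], "client"
    for name in path:
        view, next_hop, cell = relay_process(name, keys, cell, came_from)
        views.append(view)
        came_from = name
    return views, next_hop, cell  # exit relay sends plaintext `cell` to `next_hop`


if __name__ == "__main__":
    views, dest, data = run_circuit(PATH, HOP_KEYS, "example.org:443", b"GET / HTTP/1.1")
    for v in views:
        print(f"{v['relay']:>6}: from {v['prev']:>6} -> {v['next']:<16} ({v['fwd_len']} bytes)")
    print("delivered to", dest, ":", data)
```

Running it shows the split the description promises: the guard knows the client but only "middle" as its next hop, the exit knows the destination and payload but only "middle" as its previous hop, and no single relay sees both ends. What every relay still sees is the length of the bytes it forwards, which shrinks by one header per hop in this toy; real Tor pads to fixed-size cells so that length alone does not reveal the hop position.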


I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR
0
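A source-address match against an exit-node list, run over constructed ASA syslog lines, as an added example that is not part of the post above and not any SIEM product's rule. The line formats follow Cisco's documented ASA messages 106023 (ACL deny with src and dst), 106016 (IP spoof deny) and 313001 (ICMP denied, source only); the addresses, hostname and the two-entry exit list are made up. It shows that a rule keyed on source address alone fires on messages that carry no destination field at all, and on spoof-deny messages where the "source" is the address the packet claimed rather than where it came from, so one log line can satisfy both a Tor-exit rule and a spoof rule.

```python
"""Match ASA syslog source addresses against a Tor exit-node list.

Added example, not from the original post or any vendor's SIEM.  Log lines
are constructed to follow the ASA 106023 / 106016 / 313001 message formats;
addresses (RFC 5737 ranges) and the exit list are made up.  In practice the
list would be loaded from the Tor Project's published exit address data.
"""
import ipaddress
import re

# Constructed exit-node list.
TOR_EXITS = {ipaddress.ip_address(a) for a in ("198.51.100.7", "203.0.113.42")}

# Constructed syslog lines; only the %ASA-... message body matters to the parser.
LOG_LINES = [
    'Jun 10 12:00:01 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40212 '
    'dst inside:192.0.2.10/443 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    'Jun 10 12:00:02 fw01 %ASA-3-313001: Denied ICMP type=8, code=0 '
    'from 203.0.113.42 on interface outside',
    'Jun 10 12:00:03 fw01 %ASA-2-106016: Deny IP spoof from (203.0.113.42) '
    'to 192.0.2.10 on interface inside',
    'Jun 10 12:00:04 fw01 %ASA-4-106023: Deny udp src outside:192.0.2.77/5353 '
    'dst inside:192.0.2.10/53 by access-group "OUTSIDE_IN" [0x0, 0x0]',
]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PATTERNS = {
    # ACL deny: source and destination with ports.
    "106023": re.compile(
        r"%ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>" + IP + r")/(?P<sport>\d+)"
        r" dst \w+:(?P<dst>" + IP + r")/(?P<dport>\d+)"),
    # Reverse-path (anti-spoof) deny: the "from" address is the one the packet
    # claimed and failed verification for; no ports are logged.
    "106016": re.compile(
        r"%ASA-\d-106016: Deny IP spoof from \((?P<src>" + IP + r")\) to (?P<dst>" + IP
        + r") on interface (?P<iface>\w+)"),
    # ICMP denied: source and interface only, no destination at all.
    "313001": re.compile(
        r"%ASA-\d-313001: Denied ICMP type=(?P<type>\d+), code=(?P<code>\d+) from (?P<src>"
        + IP + r") on interface (?P<iface>\w+)"),
}


def parse_asa(line: str):
    """Return a normalised event for a known message id, else None."""
    for msg_id, pat in PATTERNS.items():
        m = pat.search(line)
        if m:
            g = m.groupdict()  # groups absent from this message come back as None
            return {"msg_id": msg_id, "src": g["src"], "dst": g.get("dst"),
                    "dport": g.get("dport")}
    return None


def correlate(lines, exits):
    """Flag every parsed event whose source address is on the exit list."""
    hits = []
    for line in lines:
        ev = parse_asa(line)
        if ev is None:
            continue
        if ipaddress.ip_address(ev["src"]) in exits:
            ev["has_destination"] = ev["dst"] is not None
            # For a spoof deny the src is what the packet claimed, not its origin.
            ev["spoofed_source"] = ev["msg_id"] == "106016"
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for h in correlate(LOG_LINES, TOR_EXITS):
        print(f"{h['msg_id']} src={h['src']} dst={h['dst']} dport={h['dport']} "
              f"has_destination={h['has_destination']} spoofed_source={h['spoofed_source']}")
```

The 313001 line matches the exit list yet has no destination address or port, because the message itself carries none; a SIEM that keys the rule on the source field alone will show it exactly as an exit-node event with empty destination columns. The 106016 line matches the same exit address, but there the address is the spoofed source that failed the reverse-path check, so a source-only rule attributes the event to a Tor exit that may never have sent anything. When triaging, split hits by `has_destination` and `spoofed_source` before assuming the exit node reached anything.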

Just over two weeks ago, a client of mine had a Cryptowall 3.0 infection, starting from a workstation. It was quickly contained, and we restored from backup, and all is well now. One residual side effect caught me completely off guard, however.

Every Windows workstation on the domain began having the help_decrypt files launch at startup. We found those files in the startup folders on the local C drives of the workstations, as well as in many other folders on C. No files on any of those computers were encrypted, however.

I have never seen nor heard of a crypto variant showing this behavior. Did it find the C$ shares on the network?
0

