Delivery-Date: Thu, 23 Apr 2015 15:55:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 0A3361E0670
	for <archiver@seul.org>; Thu, 23 Apr 2015 15:55:39 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id A9D9434C4F;
	Thu, 23 Apr 2015 19:55:37 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EBB9134C51
 for <tor-talk@lists.torproject.org>; Thu, 23 Apr 2015 19:55:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id jLezPEFbziLY for <tor-talk@lists.torproject.org>;
 Thu, 23 Apr 2015 19:55:34 +0000 (UTC)
Received: from na01-bn1-obe.outbound.protection.outlook.com
 (mail-bn1on0093.outbound.protection.outlook.com [157.56.110.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "MSIT Machine Auth CA 2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id B1F6C34986
 for <tor-talk@lists.torproject.org>; Thu, 23 Apr 2015 19:55:34 +0000 (UTC)
X-Greylist: delayed 1130 seconds by postgrey-1.34 at eugeni;
 Thu, 23 Apr 2015 19:55:34 UTC
Received: from SN1PR08MB1440.namprd08.prod.outlook.com (25.162.1.25) by
 SN1PR08MB1390.namprd08.prod.outlook.com (25.162.1.148) with Microsoft SMTP
 Server (TLS) id 15.1.148.16; Thu, 23 Apr 2015 19:21:40 +0000
Received: from SN1PR08MB1438.namprd08.prod.outlook.com (25.162.1.23) by
 SN1PR08MB1440.namprd08.prod.outlook.com (25.162.1.25) with Microsoft SMTP
 Server (TLS) id 15.1.148.15; Thu, 23 Apr 2015 19:21:39 +0000
Received: from SN1PR08MB1438.namprd08.prod.outlook.com ([25.162.1.23]) by
 SN1PR08MB1438.namprd08.prod.outlook.com ([25.162.1.23]) with mapi id
 15.01.0148.008; Thu, 23 Apr 2015 19:21:39 +0000
From: Michael O Holstein <michael.holstein@csuohio.edu>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Thread-Topic: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes
Thread-Index: AQHQfXMePNG97xGEbkuM2xlq6nwemZ1Z+0yAgABMdQCAALIzMQ==
Date: Thu, 23 Apr 2015 19:21:39 +0000
Message-ID: <1429816899778.3598@csuohio.edu>
References: <223eaa337204f5f94241636062f9a9e4.webmail@localhost>
 <20150423040805.GA7800@moria.seul.org>,
 <667A4388-0B4A-458B-BC47-8F49D949E09E@coderpunks.org>
In-Reply-To: <667A4388-0B4A-458B-BC47-8F49D949E09E@coderpunks.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: lists.torproject.org; dkim=none (message not signed)
 header.d=none;
x-originating-ip: [137.148.184.199]
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:; SRVR:SN1PR08MB1440;
 UriScan:; BCL:0; PCL:0; RULEID:; SRVR:SN1PR08MB1390; 
x-forefront-antispam-report: BMV:1; SFV:NSPM;
 SFS:(10009020)(6009001)(2501003)(2656002)(62966003)(87936001)(90282001)(40100003)(110136001)(88552001)(54356999)(86362001)(89122001)(36756003)(77156002)(75432002)(107886001)(2351001)(92566002)(2950100001)(2900100001)(99286002)(106116001)(50986999)(46102003)(102836002)(76176999)(450100001)(66066001)(117636001)(122556002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR08MB1440;
 H:SN1PR08MB1438.namprd08.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; 
x-microsoft-antispam-prvs: <SN1PR08MB144078459B3BF1711D9A63C183ED0@SN1PR08MB1440.namprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
 RULEID:(601004)(5002010)(5005006); SRVR:SN1PR08MB1440; BCL:0; PCL:0; RULEID:;
 SRVR:SN1PR08MB1440; 
x-forefront-prvs: 0555EC8317
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2015 19:21:39.5372 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d7f3e79a-943d-4ace-aeab-209030807508
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR08MB1440
X-OriginatorOrg: csuohio.edu
Subject: Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

>The question to me is: Do they all have something in common? What was the =
vector of compromise?

>Curiously enough, they all run Debian stable (according to the SSH version=
 string "SSH-2.0->OpenSSH_6.0p1 Debian-4+deb7u2=94 *ALL* of them spit out o=
n port 22 =97 no exception!).

FWIW a lot of Rasberry PI devices use that version string.

Cheap embedded devices as chaff?

-Mike.
-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

