
SANS ISC: Botnet traffic using TOR SANS ISC InfoSec Forums

Botnet traffic using TOR
A reader (AnthraX101) recently wrote to us about seeing botnet traffic leaving the TOR network toward the Internet. We are not sure at this point whether the botnet itself uses TOR or whether it is just a specific machine configured to route everything through TOR. Either way, if malware starts using TOR to report back centrally, it might make detecting it more difficult. From an incident handler's perspective, it makes pinpointing the victims more difficult.

For the Enterprise security folks, it might be time for you to consider blocking the use of TOR.
Jason

ISC Handler
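
For the enterprise case raised above, an added example (not part of the original diary) of how a defender could find internal hosts talking to TOR relays from egress firewall logs. The relay list format (`ip:port`), the log layout, the function names and all sample values are assumptions constructed for illustration; the addresses are documentation ranges, not real relays.

```python
import ipaddress
from collections import defaultdict

# Constructed relay list in "ip:port" form (documentation ranges, not real relays).
SAMPLE_RELAYS = """\
# ip:orport
198.51.100.7:9001
203.0.113.44:443
"""

# Constructed egress log lines: timestamp action src_ip dst_ip dst_port
SAMPLE_LOG = """\
2024-01-01T10:00:01 ALLOW 10.1.2.15 198.51.100.7 9001
2024-01-01T10:00:02 ALLOW 10.1.2.15 192.0.2.80 443
2024-01-01T10:00:05 ALLOW 10.1.9.3 203.0.113.44 443
2024-01-01T10:00:09 ALLOW 10.1.9.3 203.0.113.44 80
2024-01-01T10:00:11 DENY 10.1.2.15 198.51.100.7 9001
garbage line
2024-01-01T10:00:12 ALLOW 172.16.0.9 198.51.100.7 9001
"""

def load_relays(text):
    """Parse 'ip:port' lines into a set of (address, port); skips blanks and comments."""
    relays = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, _, port = line.rpartition(":")
        relays.add((ipaddress.ip_address(ip.strip("[]")), int(port)))
    return relays

def find_tor_clients(log_text, relays, internal="10.0.0.0/8"):
    """Map each internal source IP to its connections that hit a relay address and port."""
    net = ipaddress.ip_network(internal)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line
        ts, action, src, dst, port = parts
        try:
            src_ip, dst_ip, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # unparseable address or port
        if src_ip in net and (dst_ip, dport) in relays:
            hits[src].append((ts, action, dst, dport))
    return dict(hits)
```

Matching on address and port together avoids flagging unrelated services hosted on the same IP as a relay; denied attempts are kept in the result because they still identify the internal host that tried to reach TOR.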
