
SANS ISC: Botnet traffic using TOR SANS ISC InfoSec Forums

Botnet traffic using TOR
A reader (AnthraX101) recently wrote to us about seeing botnet traffic leaving the TOR network towards the Internet. We are not sure at this point whether the botnet itself uses TOR or whether this is just a specific machine configured to route everything through TOR. Either way, if malware starts using TOR to report back centrally, it might make detecting it more difficult. From an incident handler's perspective, it makes pinpointing the victims more difficult.

For the Enterprise security folks, it might be time for you to consider blocking the use of TOR.


93 Posts
ISC Handler
Jul 12th 2006
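
One way to act on the recommendation above from the enterprise side, as an added example that is not part of the original diary: match egress firewall logs against a list of TOR relay addresses and ports to see which internal hosts reach the TOR network and whether the traffic was allowed or denied. The log format, the relay list and every address are constructed for illustration; `load_relays` and `tor_clients` are hypothetical helper names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed relay list (documentation address ranges), "ip:port" per line.
RELAYS = "192.0.2.10:9001\n198.51.100.7:443\n203.0.113.77:9001\n"

# Constructed egress firewall log in a hypothetical format.
LOG = """\
2006-07-12T10:00:01Z ALLOW TCP 10.1.2.15:51544 -> 192.0.2.10:9001
2006-07-12T10:00:02Z ALLOW TCP 10.1.2.15:51545 -> 198.51.100.7:443
2006-07-12T10:00:03Z ALLOW TCP 10.1.9.40:40112 -> 198.51.100.7:80
2006-07-12T10:00:04Z DENY TCP 10.1.3.22:40001 -> 203.0.113.77:9001
malformed line
"""
LINE_RE = re.compile(r"^\S+ (ALLOW|DENY) TCP (\S+):\d+ -> (\S+):(\d+)$")

def load_relays(text):
    """Return a set of (ip_address, port) tuples, skipping bad entries."""
    relays = set()
    for entry in text.split():
        host, _, port = entry.rpartition(":")
        try:
            relays.add((ipaddress.ip_address(host.strip("[]")), int(port)))
        except ValueError:
            continue
    return relays

def tor_clients(log_text, relays):
    """Map internal source IP -> allowed/denied counts and relays contacted."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "relays": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        action, src, dst, dport = m.groups()
        try:
            key = (ipaddress.ip_address(dst), int(dport))
        except ValueError:
            continue
        # Match address AND port: a relay's host may run other services too.
        if key in relays:
            rec = hits[src]
            rec["allowed" if action == "ALLOW" else "denied"] += 1
            rec["relays"].add(dst)
    return dict(hits)

if __name__ == "__main__":
    print(tor_clients(LOG, load_relays(RELAYS)))
```

Hosts with allowed connections are the ones to examine first; denied entries show that a block rule is working and which machines are still trying.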
