Message-ID: <4DA95938.7050608@secnap.com>
Date: Sat, 16 Apr 2011 04:54:16 -0400
From: Michael Scheidell
To: , Emerging Threats Signatures
Subject: 193.138.118.3 ? lagoon.freebsd.lublin.pl /cache, freebsd, lublin, pl on TOR end point list?
List-Id: "Security issues [members-only posting]"

We keep getting security alerts that lagoon.freebsd.lublin.pl (the authoritative DNS server for freebsd.lublin.pl) is on the 'TOR' end point node list. We get this alert when our DNS server looks up the IP for cache.freebsd.lublin.pl.

This concerns me if FreeBSD is using a mirror that has possible ties to hacker or other nefarious network related activity.

Can anyone tell me if:

A) this might be a FP? That lagoon.freebsd.lublin.pl is NOT associated with this type of activity?
B) if so, should the small chance that they are involved in this prohibit them from being on any RR link for ports source code lookups?
C) am I too paranoid? It's 5am local time, go back to bed?

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine