Tor2Web DNS Query Detection

Nessus Network Monitor Plugin ID 8818

Synopsis

The remote host is accessing a Tor hidden service through Tor2Web.

Description

Tor2web is a software project that allows Tor hidden services to be accessed from a standard browser without being connected to the Tor network. In the past, various malware campaigns and botnets have utilized Tor2Web to exfiltrate data or communicate externally. Recent traffic from this host indicates it has accessed a Tor URL through a known Tor2Web proxy.
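One way a defender could flag such lookups in DNS query logs, shown as an added example that is not the plugin's own detection logic. It assumes a `timestamp client qname qtype` log format and a locally maintained proxy suffix list (`t2w-proxy.example` is a constructed placeholder), and matches the 16- or 56-character base32 label of an onion name placed directly in front of a proxy suffix.

```python
import re

# Assumption: suffixes of Tor2Web proxies to watch for. "tor2web.org" is the
# project domain cited on this page; "t2w-proxy.example" is a constructed placeholder.
PROXY_SUFFIXES = ("tor2web.org", "t2w-proxy.example")

# Onion service names are base32 (a-z, 2-7): 16 chars (v2) or 56 chars (v3).
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")

def tor2web_lookup(qname):
    """Return (onion_label, proxy_suffix) if qname looks like a Tor2Web lookup, else None."""
    name = qname.strip().rstrip(".").lower()
    for suffix in PROXY_SUFFIXES:
        if not name.endswith("." + suffix):
            continue
        # Labels left of the proxy suffix; the onion name is the one adjacent to it.
        labels = name[: -(len(suffix) + 1)].split(".")
        if ONION_LABEL.match(labels[-1]):
            return labels[-1], suffix
    return None

def scan(log_lines):
    """Parse 'timestamp client_ip qname qtype' lines and return the matching lookups."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, client, qname, _qtype = fields
        match = tor2web_lookup(qname)
        if match:
            hits.append({"time": ts, "client": client, "onion": match[0], "proxy": match[1]})
    return hits

# Constructed sample DNS query log (not real traffic).
SAMPLE_LOG = [
    "2015-07-24T10:00:01Z 10.0.0.5 www.example.com. A",
    "2015-07-24T10:00:07Z 10.0.0.8 abcdefghij234567.tor2web.org. A",
    "2015-07-24T10:00:09Z 10.0.0.8 WWW.ABCDEFGHIJ234567.T2W-PROXY.EXAMPLE A",
    "2015-07-24T10:00:12Z 10.0.0.9 tor2web.org. A",
    "2015-07-24T10:00:15Z 10.0.0.9 abcdefghij234567.example.net. A",
    "2015-07-24T10:00:20Z 10.0.0.7 notanonionlabel1.tor2web.org. A",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Lookups of the proxy's own domain and names that merely resemble an onion label under an unrelated domain are not flagged, which keeps the alert tied to the specific "onion name in front of a proxy suffix" pattern.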

Solution

N/A

See Also

https://tor2web.org

https://www.torproject.org

http://resources.infosecinstitute.com/hunting-malware-deep-web

http://www.nessus.org/u?a30e9296

Plugin Details

Severity: Info

ID: 8818

Family: Policy

Published: 7/24/2015

Updated: 7/24/2015

Vulnerability Information

CPE: cpe:/a:torproject:tor2web