search

fcwu / docker-ubuntu-vnc-desktop

A Docker image to provide web VNC interface to access Ubuntu LXDE/LxQT desktop environment.
Apache License 2.0
3.95k stars 1.43k forks source link

Possible TOR Relay in image #198

Open gnvdude opened 4 years ago

gnvdude commented 4 years ago

UniFi Alarm: IPS Alert

Site: HomeMessage: IPS Alert 2: Misc Attack. Signature ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247. From: 173.50.86.103:80, to: 192.168.1.219:53176, protocol: TCP

I received..could be false..but wanted to report that this image could contain a TOR relay.

NeuroForLunch commented 3 years ago

I have no idea why this package is installed but I believe this is from a package called parcimonie:

parcimonie is a daemon that slowly refreshes a gpg public keyring from a keyserver. Its refreshes one OpenPGP key at a time; between every key update, parcimonie sleeps a random amount of time, long enough for the previously used Tor circuit to expire. This process is meant to make it hard for an attacker to correlate the multiple performed key update operations. See the included design document to learn more about the threat and risk models parcimonie attempts to help coping with.