Re: [tor-talk] tor using SSH

[Benedikt Westermann <westermann@xxxxxxxxxxx>]

> Jim, I am unclear as to what you are saying..   you noticed 
> port 22 traffic you weren't expecting on one of your machines..
> Do you recall if that traffic was INITIATED from your machine or 
> were you seeing UNSOLICITED incoming SYNs for port 22?
> 

Your machine, running a Tor client, initiates a connection to a machine
on port 22. This is your situation as I understood it.

All of the mentioned IPs are IPs of Tor nodes and all of them announcing
port 22 as a listen port, e.g.,  Amunet9, a Tor router, accepts
connections on port 22 and 80. By searching for one of the mentioned IP
addresses at http://metrics.torproject.org/relay-search.html. , you can
verify this. 

The traffic to port 22 is most likely Tor traffic and is therefore
normal behavior.

You can also download a list of current Tor nodes, but this list changes
regularly (once an hour). You find a list here:
http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv

Probably, you only need to whitelist the guard nodes, but the mentioned
list does not distinguish between the different types of nodes. 

--Benne

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk