[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor using SSH

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] tor using SSH
From: egf@xxxxxxxxxxxxxxxxxxx
Date: Tue, 22 Mar 2011 16:03:58 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 22 Mar 2011 18:04:15 -0400
In-reply-to: Your message of "Tue, 22 Mar 2011 20:22:32 BST." <1300821752.11440.32.camel@elch>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx


> From: Benedikt Westermann <westermann@xxxxxxxxxxx>
> 
> Your machine, running a Tor client, initiates a connection to a machine
> on port 22. This is your situation as I understood it.
> 
> All of the mentioned IPs are IPs of Tor nodes and all of them announcing
> port 22 as a listen port, e.g.,  Amunet9, a Tor router, accepts
> connections on port 22 and 80. By searching for one of the mentioned IP
> addresses at http://metrics.torproject.org/relay-search.html. , you can
> verify this. 

Aha!  That is good to know.   All of those IPs I specified earlier except one
(81.0.225.25 = SERVFAIL) were resolvable by DNS to something that I could see, 
had a name implying a tor connection.

> 
> The traffic to port 22 is most likely Tor traffic and is therefore
> normal behavior.
> 

When I start allowing a new (to me) service to run thru the firewall, and 
that service includes encrypted <ssh> traffic, I want to be prudent that 
new service isn't going to create a reverse-tunnel with the capacity to send 
back remote commands to a shell at my end.  That concerns me greatly, as 
anyone in my position would expect.
 
> You can also download a list of current Tor nodes, but this list changes
> regularly (once an hour). You find a list here:
> http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
> 
> Probably, you only need to whitelist the guard nodes, but the mentioned
> list does not distinguish between the different types of nodes. 
> 
> --Benne
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 


Until I learn exactly, what sorts of data are traversing that <ssh> pipe,
then I am unlikely to remove the firewall  block of port 22.






_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] tor using SSH
  - From: Benedikt Westermann

Prev by Author: Re: [tor-talk] tor using SSH
Next by Author: Re: [tor-talk] tor using SSH
Previous by thread: Re: [tor-talk] tor using SSH
Next by thread: Re: [tor-talk] tor using SSH
Index(es):
- Author
- Thread