[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] tor using SSH
> From: Benedikt Westermann <westermann@xxxxxxxxxxx>
> Your machine, running a Tor client, initiates a connection to a machine
> on port 22. This is your situation as I understood it.
> All of the mentioned IPs are IPs of Tor nodes and all of them announcing
> port 22 as a listen port, e.g., Amunet9, a Tor router, accepts
> connections on port 22 and 80. By searching for one of the mentioned IP
> addresses at http://metrics.torproject.org/relay-search.html. , you can
> verify this.
Aha! That is good to know. All of those IPs I specified earlier except one
(220.127.116.11 = SERVFAIL) were resolvable by DNS to something that I could see,
had a name implying a tor connection.
> The traffic to port 22 is most likely Tor traffic and is therefore
> normal behavior.
When I start allowing a new (to me) service to run thru the firewall, and
that service includes encrypted <ssh> traffic, I want to be prudent that
new service isn't going to create a reverse-tunnel with the capacity to send
back remote commands to a shell at my end. That concerns me greatly, as
anyone in my position would expect.
> You can also download a list of current Tor nodes, but this list changes
> regularly (once an hour). You find a list here:
> Probably, you only need to whitelist the guard nodes, but the mentioned
> list does not distinguish between the different types of nodes.
> tor-talk mailing list
Until I learn exactly, what sorts of data are traversing that <ssh> pipe,
then I am unlikely to remove the firewall block of port 22.
tor-talk mailing list