[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] tor using SSH

> From: Benedikt Westermann <westermann@xxxxxxxxxxx>
> Your machine, running a Tor client, initiates a connection to a machine
> on port 22. This is your situation as I understood it.
> All of the mentioned IPs are IPs of Tor nodes and all of them announcing
> port 22 as a listen port, e.g.,  Amunet9, a Tor router, accepts
> connections on port 22 and 80. By searching for one of the mentioned IP
> addresses at http://metrics.torproject.org/relay-search.html. , you can
> verify this. 

Aha!  That is good to know.   All of those IPs I specified earlier except one
( = SERVFAIL) were resolvable by DNS to something that I could see, 
had a name implying a tor connection.

> The traffic to port 22 is most likely Tor traffic and is therefore
> normal behavior.

When I start allowing a new (to me) service to run thru the firewall, and 
that service includes encrypted <ssh> traffic, I want to be prudent that 
new service isn't going to create a reverse-tunnel with the capacity to send 
back remote commands to a shell at my end.  That concerns me greatly, as 
anyone in my position would expect.
> You can also download a list of current Tor nodes, but this list changes
> regularly (once an hour). You find a list here:
> http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
> Probably, you only need to whitelist the guard nodes, but the mentioned
> list does not distinguish between the different types of nodes. 
> --Benne
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Until I learn exactly, what sorts of data are traversing that <ssh> pipe,
then I am unlikely to remove the firewall  block of port 22.

tor-talk mailing list