Re: [tor-talk] tor using SSH

egf@xxxxxxxxxxxxxxxxxxx wrote:
I don't know if this is what you are talking about or not, but a while back I noticed port 22 (the traditional SSH port) traffic I wasn't expecting on one of my machines. Checking tor's cached-descriptors file I noticed one or more tor nodes was using port 22 as one of its ports (I forget which one) and this was what I was observing.

Jim, I am unclear as to what you are saying. You noticed port 22 traffic you weren't expecting on one of your machines. Do you recall if that traffic was INITIATED from your machine or were you seeing UNSOLICITED incoming SYNs for port 22?

Sorry I was not more clear.  The connection was between a high numbered
port on my machine and port 22 on the remote machine.  The
cached-descriptors file showed me that the remote IP address was a Tor
node that listened (for some purpose) on port 22.  On the basis of that
information I presumed the traffic I was seeing was legitimate Tor
traffic and I did not investigate further.  I was running a Tor client
but not a relay, so I *presume* my machine initiated that connection but
I never tried to verify that.  (My firewall should have prevented any
incoming connections.)

I believe Andrew Lewman and others on this list have since given a more complete explanation of what is going on.
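
The cross-check described in this message, as an added example that is not part of the original post: it reads the `router` lines of a cached-descriptors file and labels observed remote endpoints by whether they match a relay's advertised ORPort or DirPort. The field order (nickname, address, ORPort, SOCKSPort, DirPort) follows Tor's directory specification; the sample descriptors, nicknames, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format of Tor's cached-descriptors file
# (documentation-range addresses, hypothetical nicknames).
SAMPLE_DESCRIPTORS = """\
@downloaded-at 2012-01-01 00:00:00
router ExampleRelayA 192.0.2.10 22 0 80
platform Tor 0.2.2.35 on Linux x86_64
router ExampleRelayB 198.51.100.7 9001 0 9030
platform Tor 0.2.2.35 on Linux x86_64
router ExampleRelayC 203.0.113.5 443 0 0
"""

def relay_ports(descriptor_text):
    """Map relay IP -> {port: (nickname, role)} from 'router' lines."""
    relays = {}
    for line in descriptor_text.splitlines():
        fields = line.split()
        # router <nickname> <address> <ORPort> <SOCKSPort> <DirPort>
        if len(fields) != 6 or fields[0] != "router":
            continue
        _, nickname, address, or_port, _socks, dir_port = fields
        try:
            ip = str(ipaddress.ip_address(address))
            ports = {"ORPort": int(or_port), "DirPort": int(dir_port)}
        except ValueError:
            continue  # malformed entry, skip it
        for role, port in ports.items():
            if port:  # 0 means the relay does not offer this port
                relays.setdefault(ip, {})[port] = (nickname, role)
    return relays

def classify(connections, relays):
    """Label each observed (remote_ip, remote_port) pair."""
    results = []
    for ip, port in connections:
        match = relays.get(ip, {}).get(port)
        if match:
            results.append((ip, port, "tor-relay %s %s" % match))
        elif ip in relays:
            results.append((ip, port, "relay-ip-but-unlisted-port"))
        else:
            results.append((ip, port, "unknown"))
    return results

# Constructed observations: outbound connections to remote port 22.
OBSERVED = [("192.0.2.10", 22), ("198.51.100.7", 22), ("203.0.113.99", 22)]

if __name__ == "__main__":
    for row in classify(OBSERVED, relay_ports(SAMPLE_DESCRIPTORS)):
        print(*row)
```

A match shows only that the remote endpoint is a port a listed relay advertises; it does not show which local process opened the connection, so the owning process still has to be checked on the host.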


