20 Oct
2025
20 Oct
'25
2 p.m.
On 10/20/25 12:29, Ralph Seichter via tor-relays wrote:
Portscans are /not/ fine. If you are not running an exit node, there is no reason for your node to connect to port 443 on a whole range of target hosts. That traffic is either spoofed, or something is very wrong on your node.
EXTEND cells can actually contain arbitrary addresses, and AFAIK tor will actually try to connect to them and speak the Tor protocol. If the address doesn't belong to a real relay, at best it will complete the TLS handshake[1] and bail out. [1] I'm actually not 100% sure if it will even complete it when connecting to something that isn't a tor relay. I only tested this (locally) against a port that nothing was listening on.