Dear all,
I run a Tor relay (version 0.2.4.20) on Debian wheezy. Today I noticed Tor uses some UDP ports:

    # netstat -tulpen
    tcp 0 0 0.0.0.0:9030 0.0.0.0:* LISTEN 0 46692311 26643/tor
    tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 0 46692310 26643/tor
    [...]
    udp 0 0 0.0.0.0:33915 0.0.0.0:* 104 46692315 26643/tor
    udp 0 0 0.0.0.0:56554 0.0.0.0:* 104 46692316 26643/tor
    udp 0 0 0.0.0.0:34821 0.0.0.0:* 104 46692317 26643/tor
    udp 0 0 0.0.0.0:49463 0.0.0.0:* 104 46692314 26643/tor

Since I thought Tor only uses TCP, may this be a security problem with my server?
Best regards, Wollomatic
Quoth Wollomatic wollomatic@posteo.eu, on 2014-01-14 00:29:39 +0100:
Since I thought Tor only uses TCP may this be a security problem with my server?
Since UDP is a connectionless datagram protocol, there is no distinguished "listening" state. It seems more likely that those are sockets for outgoing DNS requests. Have you monitored the traffic on those ports to see what it is?
---> Drake Wilson
Complementing:
tcpdump -w "$udpport".cap port "$udpport"
On Mon, Jan 13, 2014 at 9:17 PM, Drake Wilson drake@dasyatidae.net wrote:
Quoth Wollomatic wollomatic@posteo.eu, on 2014-01-14 00:29:39 +0100:
Since I thought Tor only uses TCP may this be a security problem with my server?
Since UDP is a connectionless datagram protocol, there is no distinguished "listening" state. It seems more likely that those are sockets for outgoing DNS requests. Have you monitored the traffic on those ports to see what it is?
---> Drake Wilson
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hello all,
on 14.01.2014 01:17, Drake Wilson wrote:
Since UDP is a connectionless datagram protocol, there is no distinguished "listening" state. It seems more likely that those are sockets for outgoing DNS requests. Have you monitored the traffic on those ports to see what it is?
Thanks Drake, you are right. Now I monitored the traffic and it looks like DNS. I just wonder because netstat shows the UDP ports on Debian. Using CentOS these ports aren't displayed.
Best regards, Wollomatic
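
A triage helper for the netstat output discussed above, as an added example that is not part of the original thread. It separates the relay's TCP listeners from UDP sockets bound to kernel-assigned ports; the ephemeral port range and the verdict labels are assumptions of this example, and the sample input is the output posted in the first message.

```python
import re

# Sample input: the netstat lines from the first message in this thread.
SAMPLE = """\
tcp 0 0 0.0.0.0:9030 0.0.0.0:* LISTEN 0 46692311 26643/tor
tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN 0 46692310 26643/tor
udp 0 0 0.0.0.0:33915 0.0.0.0:* 104 46692315 26643/tor
udp 0 0 0.0.0.0:56554 0.0.0.0:* 104 46692316 26643/tor
udp 0 0 0.0.0.0:34821 0.0.0.0:* 104 46692317 26643/tor
udp 0 0 0.0.0.0:49463 0.0.0.0:* 104 46692314 26643/tor
"""

# Assumed ephemeral range (current Linux default); the real value is in
# /proc/sys/net/ipv4/ip_local_port_range on the host being checked.
EPHEMERAL = (32768, 60999)

# UDP lines have no State column, so that field is optional.
LINE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>[A-Z_]+\s+)?(?P<uid>\d+)\s+(?P<inode>\d+)\s+(?P<prog>\S+)"
)

def classify(line, ephemeral=EPHEMERAL):
    """Return (proto, port, program, verdict) for one netstat -tulpen line, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None  # header, "[...]" elision, or unrelated text
    port = int(m["local"].rsplit(":", 1)[1])
    if m["proto"].startswith("tcp"):
        verdict = "tcp-listener" if (m["state"] or "").strip() == "LISTEN" else "tcp-other"
    elif ephemeral[0] <= port <= ephemeral[1]:
        # Kernel-assigned port on an unconnected UDP socket: typical of a
        # client socket (e.g. a DNS query). Heuristic only; confirm with a capture.
        verdict = "udp-ephemeral-client"
    else:
        verdict = "udp-fixed-port"  # port chosen by configuration: review the service
    return (m["proto"], port, m["prog"], verdict)

def triage(text, ephemeral=EPHEMERAL):
    """Classify every recognizable line of a netstat -tulpen dump."""
    return [r for r in map(classify, text.splitlines()) if r]

if __name__ == "__main__":
    for proto, port, prog, verdict in triage(SAMPLE):
        print(f"{proto:4} {port:5} {prog:10} {verdict}")
```

A "udp-ephemeral-client" verdict is only a hint; a capture on that port, as with the tcpdump command earlier in the thread, shows what the socket actually carries.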
Please! I am not participating in this forum anymore! Any e-mail that comes after this will be reported to UK intelligence police (M15). Be aware, please, with all posts or e-mails here! Have a nice weekend to all.
On 14 Jan 2014, at 00:17, Drake Wilson drake@dasyatidae.net wrote:
Quoth Wollomatic wollomatic@posteo.eu, on 2014-01-14 00:29:39 +0100:
Since I thought Tor only uses TCP may this be a security problem with my server?
Since UDP is a connectionless datagram protocol, there is no distinguished "listening" state. It seems more likely that those are sockets for outgoing DNS requests. Have you monitored the traffic on those ports to see what it is?
---> Drake Wilson