[tor-bugs] #33754 [Core Tor]: I discovered a Tor node using TCP port 9999 (service: "distinct" / "abyss"). Is this normal?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Mar 28 19:03:15 UTC 2020
#33754: I discovered a Tor node using TCP port 9999 (service: "distinct" /
"abyss"). Is this normal?
-----------------------+--------------------------
Reporter: Tor235 | Owner: (none)
Type: defect | Status: new
Priority: Very High | Component: Core Tor
Version: | Severity: Critical
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------+--------------------------
I recently ran Netstat, a program within Network Utility (I did this while
using Tor Browser). When the option "Display the state of all current
socket connections" was selected, two Tor IP addresses appeared in the
"Foreign address" column. One IP address is the Tor entry node I am
currently using, and the other IP address is an IP address using TCP port
9999 -- the "distinct" service, also known as "abyss". What I'm wondering
is, is it normal for a Tor node to use TCP port 9999 ("distinct") while
using Tor? Is this a sign of malicious activity?
I did a terminal command to see if I could find out more information about
the IP address using port 9999, and it said it is using tor.real.
In addition, the mysterious Tor IP address appears to be using the
following ports on my computer: 22, 80, 110, 143, 443, 993, 995, 9998 and
9999.
The reason I know the mysterious IP address is a Tor IP address is because
Terminal told me it is using tor.real, and Tor Exonerator confirmed that
it is a Tor IP address.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33754>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list