[tor-relays] Outbound Ports

Greg Moss gmoss82 at gmail.com
Sat Jul 12 21:01:20 UTC 2014


> When we say a process connects on port 22 we mean a process on the local
> computer tries to connect to a remote computer on its port 22, i.e. 22 is the
> "destination".  The process on the local computer will use a random numbered
> "source" port (from 1 to 65535) on leaving the local computer.
> On the remote computer, there will be a process listening on its inbound
> port 22.

I understand the dynamic port assignment on the computer initiating the
connection to "whatever" port the remote server is listening on. What I am
seeing is traffic sourced from port 22 on my relay, and I am wondering what
process or program is initiating that connection. I have outbound port 22
blocked and am seeing a number of hits on the ACL.

gm

-----Original Message-----
From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On Behalf
Of krishna e bera
Sent: Saturday, July 12, 2014 8:32 AM
To: tor-relays at lists.torproject.org
Subject: Re: [tor-relays] Outbound Ports

On 14-07-11 08:59 PM, Greg Moss wrote:
> Alright - traffic is picking up a little after 24 hours. Netflow is
> showing a bunch of outbound SSH connections but for some reason can't
> see it in the syslog going out. Added ACL for outbound SSH and will
> watch.  Not sure WTF all the SSH traffic is all about.


Some clarification may help regarding what ports are and how they are used.
(Corrections welcome.)

When we say a process connects on port 22 we mean a process on the local
computer tries to connect to a remote computer on its port 22, i.e. 22 is the
"destination".  The process on the local computer will use a random numbered
"source" port (from 1 to 65535) on leaving the local computer.
On the remote computer, there will be a process listening on its inbound
port 22.

The local process may or may not be SSH, and the remote process may or may
not be SSHD - it is up to each computer's owner how they configure the
processes; port 22 is merely a convention for SSH that makes it easy to
remember and set up defaults.

(On Linux you can see what process is actually using each active connection
with "sudo netstat -p".  To see what processes are listening on which ports
on your computer, it would be "sudo netstat -lp".)

If you are running a Tor exit node, you specify in the torrc to which
destination ports your Tor node will allow Tor users to connect.  If your
torrc says "ExitPolicy reject *:22" for example, it means your exit node
will not allow Tor users to connect to port 22, so they don't even try to
route such circuits through your node.  If your torrc doesn't contain that
line but your firewall blocks connections to port 22, it means Tor users
might try to do their SSH via your exit node and get failed connections (and
your node will eventually be labelled a BadExit).

If you are running a non-exit, i.e. your torrc contains "ExitPolicy reject
*:*", then circuits traversing your relay will only connect to other Tor
nodes (on their advertised ORPorts); you cannot control what numbers those
ports are nor choose to which relays connections are allowed.  In that case
you should not see any connections to port 22, except for the Tor process
itself connecting to other Tor relays which happen to use that as their
ORPort.

_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
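
Added worked example (an editor's addition, not code from either message
above): a POSIX shell script that does the two checks this exchange turns on.
First, it classifies a socket listing in the format printed by "ss -tnap" (the
iproute2 replacement for "netstat -p"; the listing, addresses and PIDs below
are constructed) into three cases that a Netflow record alone cannot tell
apart: the local sshd listener, an inbound SSH session whose reply packets
leave the relay with source port 22, and a connection that a local process
opened to a remote port 22 (for example the Tor daemon reaching a relay whose
ORPort is 22, as the reply describes). A flow leaving the relay with source
port 22 is normally the second case, so before hunting for a process that
"connects from" port 22 it is worth checking whether the relay's own sshd has
an established session with that peer. Second, it evaluates torrc ExitPolicy
lines the way Tor does, first matching rule wins, for one destination port.
To keep the script short it only evaluates the "*" address form (an
assumption; rules with an explicit address pattern are skipped) and reports
"default" for a port that no rule matches, meaning Tor would fall through to
its built-in default policy.

```shell
#!/bin/sh
# Editor's added example (not code from the tor-relays thread).
# Two helpers for the questions raised in the thread:
#   classify_port22      - which sockets touch port 22, and in which direction
#   exit_policy_for_port - what a torrc ExitPolicy decides for one destination port

# Reads `ss -tnap`-style lines on stdin and prints, for every socket that
# involves port 22:   <class> <local addr:port> <peer addr:port> <process>
#   listener         local sshd accepting connections
#   inbound-session  remote client -> our port 22; replies leave with source port 22
#   outbound-to-22   a local process opened a connection TO a remote port 22
classify_port22() {
    awk '
    NR == 1 { next }                                   # column header
    {
        state = $1; local = $4; peer = $5; proc = $6
        n = split(local, l, ":"); lport = l[n]         # last field also works for [::]:22
        m = split(peer,  p, ":"); pport = p[m]
        if (state == "LISTEN" && lport == "22") cls = "listener"
        else if (lport == "22")                 cls = "inbound-session"
        else if (pport == "22")                 cls = "outbound-to-22"
        else next
        print cls, local, peer, proc
    }'
}

# Count how many sockets on stdin fall into one class ($1).
count_port22_class() {
    classify_port22 | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Decide what the ExitPolicy lines of a torrc (stdin) do for destination port $1.
# Rules are checked in file order and the first match wins, as Tor does.
# Assumption to keep this short: only "*" addresses are evaluated; rules with
# an explicit address pattern are skipped.  Prints accept, reject, or
# "default" when no rule matched (Tor would then use its built-in policy).
exit_policy_for_port() {
    awk -v port="$1" '
    $1 == "ExitPolicy" {
        line = ""
        for (i = 2; i <= NF; i++) line = line " " $i
        sub(/#.*/, "", line)                           # strip trailing comment
        n = split(line, rules, ",")                    # "accept *:80, reject *:*"
        for (r = 1; r <= n; r++) {
            rule = rules[r]
            gsub(/^[ \t]+|[ \t]+$/, "", rule)
            split(rule, kv, " ")                       # kv[1]=action kv[2]=addr:ports
            action = kv[1]; spec = kv[2]
            k = split(spec, sp, ":"); ports = sp[k]
            addr = spec; sub(/:[^:]*$/, "", addr)
            if (addr != "*") continue
            if (ports == "*")      hit = 1
            else if (ports ~ /-/) { split(ports, pr, "-"); hit = (port+0 >= pr[1]+0 && port+0 <= pr[2]+0) }
            else                   hit = (ports+0 == port+0)
            if (hit) { print action; found = 1; exit }
        }
    }
    END { if (!found) print "default" }'
}

# Constructed sample listing (RFC 5737 documentation addresses, made-up PIDs).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*           users:(("sshd",pid=812,fd=3))
ESTAB  0      0      203.0.113.5:22      198.51.100.7:51234  users:(("sshd",pid=2231,fd=4))
ESTAB  0      0      203.0.113.5:44321   192.0.2.9:22        users:(("tor",pid=1207,fd=17))
ESTAB  0      0      203.0.113.5:9001    192.0.2.44:40112    users:(("tor",pid=1207,fd=25))'

# Constructed torrc fragment: an exit that refuses port 22 but exits elsewhere.
SAMPLE_TORRC='ORPort 9001
ExitPolicy reject *:22
ExitPolicy accept *:*'

# Stand-alone demo; on a live relay use:  ss -tnap | classify_port22
printf '%s\n' "$SAMPLE_SS" | classify_port22
printf 'ExitPolicy decision for port 22: %s\n' \
    "$(printf '%s\n' "$SAMPLE_TORRC" | exit_policy_for_port 22)"
```

On the sample the second line (sshd, local port 22, ESTAB) is what produces
Netflow records "sourced from port 22"; only the third line (tor, remote port
22) is a connection the relay itself initiated, and that is the one an
outbound destination-port-22 ACL would hit.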