bizarre connection list to tor's DirPort

Scott Bennett bennett at cs.niu.edu
Sat Sep 1 03:01:21 UTC 2007


     Using netstat or lsof, there are sometimes over 50 ESTABLISHED connections
to my tor server's DirPort from a single IP source address, which resolves to

	ignfwdnoi-nat.asia.csc.com

Each such connection is usually displayed by netstat to have at least 32500
bytes in the send queue.
     I've checked the current cached-routers and cached-routers.new files and
have found no sign of either ignfwdnoi-nat.asia.csc.com or its IP address
(20.139.66.64) in either file, so it doesn't appear to be a valid exit server,
from which directory fetch requests might be appearing.
     Does anyone have an idea what might be going on?  I.e., is it something
legitimate?  Or should I treat it as an attack of some sort and respond by
blocking packets from that system at my router?


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-talk mailing list