[tor-talk] tor using SSH
egf at riskproof.no-ip.org
egf at riskproof.no-ip.org
Tue Mar 22 22:03:58 UTC 2011
> From: Benedikt Westermann <westermann at q2s.ntnu.no>
>
> Your machine, running a Tor client, initiates a connection to a machine
> on port 22. This is your situation as I understood it.
>
> All of the mentioned IPs are IPs of Tor nodes and all of them announcing
> port 22 as a listen port, e.g., Amunet9, a Tor router, accepts
> connections on port 22 and 80. By searching for one of the mentioned IP
> addresses at http://metrics.torproject.org/relay-search.html. , you can
> verify this.
Aha! That is good to know. All of those IPs I specified earlier except one
(81.0.225.25 = SERVFAIL) were resolvable by DNS to something that I could see,
had a name implying a tor connection.
>
> The traffic to port 22 is most likely Tor traffic and is therefore
> normal behavior.
>
When I start allowing a new (to me) service to run thru the firewall, and
that service includes encrypted <ssh> traffic, I want to be prudent that
new service isn't going to create a reverse-tunnel with the capacity to send
back remote commands to a shell at my end. That concerns me greatly, as
anyone in my position would expect.
> You can also download a list of current Tor nodes, but this list changes
> regularly (once an hour). You find a list here:
> http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
>
> Probably, you only need to whitelist the guard nodes, but the mentioned
> list does not distinguish between the different types of nodes.
>
> --Benne
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
Until I learn exactly, what sorts of data are traversing that <ssh> pipe,
then I am unlikely to remove the firewall block of port 22.
More information about the tor-talk
mailing list