For what it's worth, after complaints from campus IT we also wound up blocking SSH in the CMU Tor exit's policy. It's a shame we can't help people do sysadmin stuff and whatnot anonymously, but the port scans do seem to happen quite often. zw