[tor-talk] tor using SSH
Jim
Jimmymac at copper.net
Wed Mar 23 03:43:25 UTC 2011
egf at riskproof.no-ip.org wrote:
>> From tor-talk-bounces at lists.torproject.org Tue Mar 22 04:16:23 2011
>
> (snippage...)
>
>> I don't know if this is what you are talking about or not, but a while
>> back I noticed port 22 (the traditional SSH port) traffic I wasn't
>> expecting on one of my machines. Checking tor's cached-descriptors file
>> I noticed one or more tor nodes was using port 22 as one of its ports (I
>> forget which one) and this was what I was observing.
>
> Jim, I am unclear as to what you are saying.. you noticed
> port 22 traffic you weren't expecting on one of your machines..
> Do you recall if that traffic was INITIATED from your machine or
> were you seeing UNSOLICITED incoming SYNs for port 22?
Sorry I was not more clear. The connection was between a high numbered
port on my machine and port 22 on the remote machine. The
cached-descriptors file showed me that the remote IP address was a Tor
node that listened (for some purpose) on port 22. On the basis of that
information I presumed the traffic I was seeing was legitimate Tor
traffic and I did not investigate further. I was running a Tor client
but not a relay, so I *presume* my machine initiated that connection but
I never tried to verify that. (My firewall should have prevented any
incoming connections.)
I believe Andrew Lewman and others on this list have since given a more
complete explanation of what is going on.
Jim
More information about the tor-talk
mailing list