Re: [tor-relays] Outbound Ports
On 14-07-11 08:59 PM, Greg Moss wrote:
> Alright - traffic is picking up a little after 24 hours. Netflow is showing a bunch of outbound SSH connections but for some reason can't see it in the syslog going out. Added ACL for outbound SSH and will watch. Not sure WTF all the SSH traffic is all about.

Some clarification may help regarding what ports are and how they are used. (Corrections welcome.)

When we say a process connects on port 22 we mean a process on the local computer tries to connect to a remote computer on its port 22, i.e. 22 is the destination. The process on the local computer will use a random numbered source port (from 1 to 65535) on leaving the local computer. On the remote computer, there will be a process listening on its inbound port 22. The local process may or may not be SSH, and the remote process may or may not be SSHD - it is up to each computer's owner how they configure the processes; port 22 is merely a convention for SSH that makes it easy to remember and set up defaults.

(On Linux you can see what process is actually using each active connection with sudo netstat -p. To see what processes are listening on which ports on your computer, it would be sudo netstat -lp.)

If you are running a Tor exit node, you specify in the torrc to which destination ports your Tor node will allow Tor users to connect. If your torrc says ExitPolicy reject *:22 for example, it means your exit node will not allow Tor users to connect to port 22, so don't even try to route circuits through your node. If your torrc doesn't contain that line but your firewall blocks connections to port 22, it means Tor users might try to do their SSH via your exit node and get failed connections (and your node will eventually be labelled a BadExit).

If you are running a non-exit, i.e. your torrc contains ExitPolicy reject *:*, then circuits traversing your relay will only connect to other Tor nodes (on their advertised ORports); you cannot control what numbers those ports are nor choose to which relays connections are allowed. In that case you should not see any connections to port 22, except for the Tor process itself connecting to other Tor relays which happen to use that as their ORport.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
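As an added illustration of the ExitPolicy semantics described in the reply above (example code, not from the thread or from Tor itself): a small evaluator that applies torrc ExitPolicy rules in first-match order, so you can check what a given policy does with port 22 versus other destinations. The torrc fragment is constructed, only IPv4 targets are handled, and the policy is assumed to end in a catch-all rule (Tor appends its own default policy when it does not; that default is not reproduced here).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed torrc fragment (not from the thread) showing the two policies
# the list discusses: a no-SSH exit and the catch-all that makes a non-exit.
SAMPLE_TORRC = """
ExitPolicy reject *:22          # no SSH exits from this node
ExitPolicy reject 10.0.0.0/8:*  # never exit to this private range
ExitPolicy accept *:80,accept *:443
ExitPolicy reject *:*           # catch-all; on its own this makes a non-exit relay
""".splitlines()


@dataclass
class Rule:
    accept: bool
    network: Optional[ipaddress.IPv4Network]  # None stands for "*"
    port_lo: int
    port_hi: int


def parse_exit_policy(torrc_lines):
    """Collect ExitPolicy rules in file order (IPv4 targets only here).
    Several comma-separated rules may share one ExitPolicy line."""
    rules = []
    for raw in torrc_lines:
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line.startswith("ExitPolicy"):
            continue
        for item in line[len("ExitPolicy"):].split(","):
            verdict, target = item.split()
            addr, port = target.rsplit(":", 1)
            net = None if addr == "*" else ipaddress.IPv4Network(addr, strict=False)
            lo, hi = (1, 65535) if port == "*" else (
                tuple(int(p) for p in port.split("-")) if "-" in port else (int(port),) * 2)
            rules.append(Rule(verdict == "accept", net, lo, hi))
    return rules


def exit_allowed(rules, address, port):
    """First matching rule wins, as in Tor. Returns None when no rule matches,
    i.e. the policy lacks a catch-all and Tor would consult its default policy."""
    ip = ipaddress.IPv4Address(address)
    for r in rules:
        if (r.network is None or ip in r.network) and r.port_lo <= port <= r.port_hi:
            return r.accept
    return None
```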
Re: [tor-relays] Outbound Ports
On Sat, Jul 12, 2014 at 11:32 AM, krishna e bera k...@cyblings.on.ca wrote:
> the destination. The process on the local computer will use a random numbered source port (from 1 to 65535) on leaving the local computer.

No, it may source from any unused port, assigned hopefully at random, or by successful self selection, hopefully from 49152-65535, and usually not from 0-1023 without privilege. See ip(4). Your OS may differ.
[tor-relays] badexit D9B6E8F3DC60095F25252A1986E90932454C24D3
Breaks TLS on check.torproject.org, etc.
Re: [tor-relays] badexit D9B6E8F3DC60095F25252A1986E90932454C24D3
On Sat, Jul 12, 2014 at 02:27:53PM -0400, grarpamp wrote:
> Breaks TLS on check.torproject.org, etc.

Confirmed, thanks. Seems to be the relay's ISP. I contacted the operator and hopefully she/he will be able to fix it.

Cheers,
Philipp
Re: [tor-relays] Outbound Ports
> When we say a process connects on port 22 we mean a process on the local computer tries to connect to a remote computer on its port 22, i.e. 22 is the destination. The process on the local computer will use a random numbered source port (from 1 to 65535) on leaving the local computer. On the remote computer, there will be a process listening on its inbound port 22.

I understand the dynamic port assignment, the computer initiating the connection to whatever port the remote server is listening on. What I am seeing is traffic sourced from port 22 on my relay and wondering what process or program is initiating that connection. I have outbound port 22 blocked and am seeing a number of hits on the ACL.

gm
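An added example (not from the thread) that applies the sudo netstat -p advice to the question raised in this message, namely which end of a connection holds port 22: it parses constructed `sudo netstat -tnp` output and reports, for every connection touching port 22, whether 22 is the local or the remote end and which program owns the socket. The output layout assumed is that of Linux net-tools netstat; the addresses, PIDs and program names in the sample are made up.

```python
import re
from collections import Counter

# Constructed sample of `sudo netstat -tnp` output (not from the thread);
# addresses are from documentation ranges, PIDs and program names are made up.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 198.51.100.7:22         203.0.113.5:51822       ESTABLISHED 1203/sshd: admin
tcp        0      0 198.51.100.7:9001       192.0.2.44:38214        ESTABLISHED 2211/tor
tcp        0      0 198.51.100.7:45310      192.0.2.9:22            ESTABLISHED 2211/tor
tcp        0      0 198.51.100.7:45311      192.0.2.10:443          ESTABLISHED 2211/tor
"""

# One netstat data row: proto, queues, local addr:port, foreign addr:port, state, PID/program.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<prog>\d+/.*)$"
)


def connections_on_port(netstat_output, port=22):
    """Return one record per connection that has `port` at either end.

    end == "local": a remote host connected to OUR port 22, so our replies
    leave the box with source port 22 (what flow data shows as 'sourced
    from 22'). end == "remote": a local process connected OUT to someone
    else's port 22 from an ephemeral source port."""
    records = []
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or unparsable line
        lport, fport = int(m["lport"]), int(m["fport"])
        if lport == port:
            records.append({"end": "local", "peer": m["faddr"], "program": m["prog"]})
        elif fport == port:
            records.append({"end": "remote", "peer": m["faddr"], "program": m["prog"]})
    return records


def summarize(records):
    """Count connections per (end, program name) so the owning process stands out."""
    return Counter((r["end"], r["program"].split("/", 1)[1]) for r in records)
```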