> From: Benedikt Westermann <westerm...@q2s.ntnu.no>
>
> Your machine, running a Tor client, initiates a connection to a machine
> on port 22. This is your situation as I understood it.
>
> All of the mentioned IPs are IPs of Tor nodes and all of them announce
> port 22 as a listen port, e.g., Amunet9, a Tor router, accepts
> connections on port 22 and 80. By searching for one of the mentioned IP
> addresses at http://metrics.torproject.org/relay-search.html, you can
> verify this.

Aha! That is good to know. All of those IPs I specified earlier except one (81.0.225.25 = SERVFAIL) were resolvable by DNS to something that, as far as I could see, had a name implying a Tor connection.

> The traffic to port 22 is most likely Tor traffic and is therefore
> normal behavior.

When I start allowing a new (to me) service to run through the firewall, and that service includes encrypted <ssh> traffic, I want to be prudent that the new service isn't going to create a reverse tunnel with the capacity to send back remote commands to a shell at my end. That concerns me greatly, as anyone in my position would expect.

> You can also download a list of current Tor nodes, but this list changes
> regularly (once an hour). You find a list here:
> http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
>
> Probably, you only need to whitelist the guard nodes, but the mentioned
> list does not distinguish between the different types of nodes.
>
> --Benne
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Until I learn exactly what sorts of data are traversing that <ssh> pipe, I am unlikely to remove the firewall block of port 22.
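As an added example (not part of the thread and not Tor project code), the following Python script performs the check Benne describes: take the outbound port-22 connections seen by the firewall, look each destination up in a Tor relay list keyed by (IP, ORPort), and report whether the destination is a Guard relay's listen port, some other relay's listen port, a relay IP on a port it does not announce, or not a relay at all. The relay list CSV layout (ip, or_port, flags), the firewall log line format, and all IP addresses are constructed for this example; the real relay-search output and the blutmagie CSV have their own columns and the reader has to be adapted to them.

```python
import csv
import io
import ipaddress
from collections import namedtuple

# Constructed relay list in a CSV shape assumed for this example
# (ip, or_port, flags). Real lists use their own columns; adapt load_relays.
# IPs are from documentation ranges and are not real relays.
RELAY_LIST_CSV = """ip,or_port,flags
198.51.100.7,22,Guard;Fast;Running;Stable
198.51.100.7,80,Guard;Fast;Running;Stable
203.0.113.9,9001,Fast;Running
203.0.113.9,22,Fast;Running
"""

# Constructed firewall log lines in a hypothetical format:
# <timestamp> OUT <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
FIREWALL_LOG = """2012-03-01T10:00:01 OUT 192.0.2.10:51234 -> 198.51.100.7:22 tcp
2012-03-01T10:00:02 OUT 192.0.2.10:51235 -> 203.0.113.9:22 tcp
2012-03-01T10:00:03 OUT 192.0.2.10:51236 -> 203.0.113.9:443 tcp
2012-03-01T10:00:04 OUT 192.0.2.10:51237 -> 192.0.2.200:22 tcp
2012-03-01T10:00:05 OUT 192.0.2.10:51238 -> 198.51.100.7:80 tcp
"""

Relay = namedtuple("Relay", "ip port flags")


def load_relays(text):
    """Parse the relay CSV into a dict keyed by (ip, or_port)."""
    relays = {}
    for row in csv.DictReader(io.StringIO(text)):
        ip = ipaddress.ip_address(row["ip"].strip())
        port = int(row["or_port"])
        flags = set(row["flags"].split(";")) if row["flags"] else set()
        relays[(ip, port)] = Relay(ip, port, flags)
    return relays


def parse_log(text):
    """Return (dst_ip, dst_port) for each outbound TCP line in the constructed format."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[1] != "OUT" or parts[5] != "tcp":
            continue  # skip anything that is not an outbound TCP record
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        conns.append((ipaddress.ip_address(dst_ip), int(dst_port)))
    return conns


def classify(dst_ip, dst_port, relays):
    """Classify one destination against the relay list.

    'guard-orport': a listed Guard relay's announced ORPort
    'relay-orport': a listed relay's announced ORPort, relay lacks the Guard flag
    'relay-other' : the IP belongs to a relay but this port is not one it announces
    'unknown'     : the IP is not in the relay list at all
    """
    relay = relays.get((dst_ip, dst_port))
    if relay is not None:
        return "guard-orport" if "Guard" in relay.flags else "relay-orport"
    if any(r.ip == dst_ip for r in relays.values()):
        return "relay-other"
    return "unknown"


def audit(log_text, relay_text, port=22):
    """Map each destination IP seen on `port` to its classification."""
    relays = load_relays(relay_text)
    report = {}
    for dst_ip, dst_port in parse_log(log_text):
        if dst_port != port:
            continue
        report[str(dst_ip)] = classify(dst_ip, dst_port, relays)
    return report


if __name__ == "__main__":
    for ip, verdict in audit(FIREWALL_LOG, RELAY_LIST_CSV).items():
        print(f"{ip}:22 -> {verdict}")
```

A verdict of `guard-orport` or `relay-orport` only says that the destination is a port a Tor relay announces as its listen port; it says nothing about what the encrypted stream carries, which is the part of the original concern a list lookup cannot settle. Because the relay list changes hourly, the lookup has to be run against a list fetched close to the time of the connection, and the `unknown` bucket is the one worth chasing first.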