Hi all, first post on this list. I am using TBB 3.0 alpha2 on a Linux laptop, with the UFW firewall installed (settings: "Default: deny (incoming), allow (outgoing)"). I registered a handful of Tor-related UFW BLOCK messages in the syslog today, and I am curious about what they mean (probably nothing malicious, but I'm just checking).
Scenario: TBB was running when I hibernated the laptop. When I brought it back up shortly after (~1 min), the OS froze with a black screen for some reason (I assume some Linux hibernation issue) and I had to do a hard reboot. After rebooting and logging in, I saw a handful of UFW BLOCK messages in the syslog, starting immediately after reboot time (00:34). Like this:

Jul 15 00:35:18 xxxxxx kernel: [ 53.302866] [UFW BLOCK] IN=wlan0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=yy.yyy.yy.yy DST=10.0.0.24 LEN=626 TOS=0x00 PREC=0x00 TTL=51 ID=54093 DF PROTO=TCP SPT=443 DPT=38712 WINDOW=42 RES=0x00 ACK PSH URGP=0

(My hostname and MAC address replaced with x's and the blocked IP replaced with y's.)

The blocked IP was from a Tor relay (I checked the Tor Network Map). During the first ~7 minutes after boot (00:35-00:42) I got four UFW BLOCK entries from that IP plus eleven from another IP (also a Tor relay), and the only difference was DPT=37451 for the 2nd IP. I haven't seen any Tor-related UFW BLOCK messages before or after this incident. I did another hibernate/reboot with TBB running shortly after to see if I could reproduce the messages, but I didn't see anything.

I'm assuming there was an attempt to reconnect with the relay IPs in question as my computer came back online (since TBB was running at hibernate time and it was offline for only a minute or so), but I'm not sure. Anything to worry about?
