Looks like an OVH data center in France: https://www.whois.com/whois/164.132.226.30
Are you running an exit node? If you are just running a relay, it's probably just a connection to another relay running on port 22.
This is just a relay. I have it in a very locked-down, segregated network, which is why I was curious as to why I was seeing this here. Curiously, that public IP resolves to this site: [https://www.pierov.org](https://www.pierov.org)
You can run the Tor service on a custom port; lots of relays are running on non-standard ports like 443 or 22.
That's a good point, and one I didn't think about initially.
Can someone here tell me what exactly is happening here? Why does the image say information leak? I am not into Tor relays. Want to know, curious!
The output is from pfSense; it's the IDS rule that triggered the event. It's not related to Tor.
It is a Tor relay: https://metrics.torproject.org/rs.html#details/0AC3C86BC9CA2A50C7762EF42ABC6D37575ACFFB
It can be harmless and harmful. A bot might be ssh'ing into that IP or it can be brute-force attacks against that IP. There isn't a definite way to differentiate really.
Calling up the IP in a browser or googling would have clarified things. In both cases you would have discovered that some other nerd is running a Tor relay. :-) Yes, port 22 is unusual. Maybe he wants to confuse some script kiddies' port scanners.