I keep getting alerts from Snort running in pfSense that my SmartThings hub is communicating with known TOR (the onion router) relay routers. Is this normal or is my hub compromised? Check out the alerts below; 192.168.1.101 is my hub. The other IPs are the TOR relay routers. Both of the SRC IPs are in Germany. Why in the world is my US-based hub communicating with a host in Germany?
12:25:04 2 UDP Misc Attack SRC IP 184.108.40.206 DEST IP 192.168.1.101
ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 167
14:24:57 2 UDP Misc Attack SRC IP 220.127.116.11 DEST IP 192.168.1.101
ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 136