[tor-talk] Tor as a network filter

[spencerone@xxxxxxxxxxxxxxx]

> ben[at]bentasker.co.uk:
> Depending on how you're getting traffic onto Tor (i.e. are you using 
> the
> SOCKS proxy or silently redirecting traffic to the relevant port) you 
> may
> be able to achieve something similar to what you're attempting using 
> other
> tools first.

I am just running Tor Browser, so the default SOCKS.

> For example, I have a VM running an MUA, it should only ever connect to
> it's mailserver's over Tor. To enforce that, my router runs Tor and an
> iptables rule ensures that all traffic from that VM leaves my network 
> over
> Tor (there are some other concerns with doing it this way, but they 
> aren't
> relevant for what I'm trying to say).

Can you expand on this, the Tor on a router part?  Others have said[0], 
in response to an out of the box product you can by[1], that running Tor 
on a physical router is not so safe, though this is maybe where your 
iptables rule comes in.

> There's no technical reason I (or, you) couldn't add a rule to first 
> push
> that traffic through some sort of (semi)transparent proxy so that 
> filtering
> can be performed at application level.

How much control do you then have over the traffic?  Can you shape how 
you appear, ignoring the risk of standing out?  How would you interface 
with the traffic?

> There are a number of reason's you might not want to do it though:
>
> - It complicates troubleshooting connection issues
> - You've just inserted an extra listening point for an adversary to use
> - If you're using a transparent solution and it breaks, you may find
> yourself working without your extra level of 'protection'
> - Depending on your solution, it may change your request signature (a 
> lot
> of work has gone into TBB to make all look the same, you don't want 
> your
> user-agent to suddenly becomes 'squid' for example)
>
> In my setup, traffic transits my network in the clear (at least in a
> metadata sense) before reaching Tor, there's no reason you necessarily 
> need
> to do that as you could set something similar up on a single box.
>
> So whilst tor won't do application level filtering for you, you can 
> insert
> some filtering into the chain, as long as you weigh the risks (and I've
> likely omitted some)
>
> > spencerone[at]opmbx.org:
> > But I am more asking if Tor can be used as part of a filter, with some
> > sort of application allowing for more control, maybe even of what is 
> > sent
> > to the entry.  It seems there has been some discussion regarding 'Tor
> > Router/Firewall', though it's only cited as a bullet in a list. I 
> > might be
> > misreading, but a Tails document refers to a 'Network Filter'.  I 
> > don't
> > only want to allow or deny network connections, like with Tails, but 
> > filter
> > out certain things as well, maybe with something smaller like a 
> > browser or
> > application firewall.
> >
> > > WhonixQubes:
> > > Sounds like you are looking for what is known as an "Application
> > > Firewall".
> > I am, is there any value to combining incoming access
> > to the Tor network and outgoing connections from applications as a
> > standalone tool?  Vs using Little Snitch or built-in firewalls 
> > separately
> > from a Tor application like Tor Browser.

Thanks for this!

Wordlife,
Spencer

[0] 
https://lists.torproject.org/pipermail/tor-talk/2015-February/036719.html
[1] http://cryptographi.com/products/snoopsafe

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk