
Re: [tor-relays] Relay security, re: local network



On Wed, 2013-09-25 at 19:10 +0300, Joe wrote:
> Hi,
> 
> I'm planning to run a Tor relay on a spare computer at home. Security is 
> a concern, and not only regarding the machine running the relay but also 
> my other computers. Are there any (theoretical or otherwise) known 
> attacks a person can perform on a running Tor relay to take remote 
> control of it, and assuming the said person could pull that off, is it 
> possible to extend this control to the other computers behind the same 
> router? I am aware of possible DDOS attacks and other risks related to 
> running an exit, but I am comfortable in taking these chances in my
> environment.
> 
> I would run the relay on a yet-undecided-Linux distro, possibly Mint 
> Debian or some flavor of Ubuntu which I am more familiar with, and use 
> full-disk encryption with strong passwords. Are there any risks to my 
> other computers worth consideration?
> 
> Thanks.
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Hello Joe!

No absolute security exists, running Tor or not. All software has
undiscovered bugs and is theoretically exploitable. Since we migrated
from assembly to higher level languages (and possibly before) we hid the
CPU logic and added many layers of code which is run without the
knowledge of programmers. There is no way to assert the negative:
"there's no theoretical way of exploiting Tor". The one who says that is
only telling of his own ignorance.

Despite this, you should understand what Tor does to at least prepare
for Tor-related attacks. Tor redirects other Tor users' network
communications through your machine using standard TCP/IP. So one thing
you should do is to have a firewall enabled with appropriate rules.
Everything closed except for open Tor ports. You may also run Tor on
its own network interface. You may run Tor on non-standard ports to
avoid Tor-related scanning. If this machine is behind a router/gateway
you could create a separate interface and isolate it from the rest of
the LAN. If you are using Debian, "harden" is a package I recommend you
install. Use mutt to check for mail on system logs. Set up some kind of
automated backup (rsync, duplicity) of /var at least. You should also
configure a firewall on the remaining machines.

If you need further help, ask here. But be sure to at least RTFM before.

C u

Attachment: signature.asc
Description: This is a digitally signed message part
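
One way to write the "everything closed except for open Tor ports" rule from the reply above, and to keep the relay host from opening connections to other LAN machines, as an nftables ruleset. This is an added example, not part of the original message; the port number, the addresses and the SSH rule are assumptions to adapt.

```nftables
#!/usr/sbin/nft -f
# Added example. Every value under "define" is an assumption.
flush ruleset

define OR_PORT    = 9443          # assumed non-standard ORPort; must equal ORPort in torrc
define GATEWAY    = 192.168.1.1   # assumed router (also the DNS resolver here)
define ADMIN_HOST = 192.168.1.10  # assumed LAN machine allowed to SSH in

table inet relay {
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept

        # The only service exposed to the Internet: the relay's ORPort.
        tcp dport $OR_PORT accept

        # Administration from one LAN host only.
        ip saddr $ADMIN_HOST tcp dport 22 accept
    }

    chain forward {
        # The relay host is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;

        oifname "lo" accept
        # Replies to sessions the LAN opened (e.g. SSH from ADMIN_HOST).
        ct state established,related accept
        ip daddr $GATEWAY accept

        # New connections from this host to private address space are
        # logged and dropped, so a compromised tor process cannot probe
        # the other computers behind the same router.
        ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } log prefix "relay-to-lan " drop
    }
}
```

The output rule only holds while an intruder lacks root on the relay host; the separate router interface mentioned in the reply enforces the same isolation from outside that host.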
