[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: critical security vulnaribility fixed in Tor 0.1.2.16

To: or-talk@xxxxxxxxxxxxx
Subject: Re: critical security vulnaribility fixed in Tor 0.1.2.16
From: "vikingserver@xxxxxxxxx" <vikingserver@xxxxxxxxx>
Date: Sat, 04 Aug 2007 14:41:26 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 04 Aug 2007 08:41:59 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=maKM2LjKVlYHci+ghDb5rArJ34+ACoK34BAsx5wl+3hiLwD+e4gtSZbScBYtAWzAc+OSxsAUH/K0LCqInd7I9vk4le0eZygc2KB77vYOSoygQnkyO/uXK29xw9RcroSqMJNS/oGRsBZXb6iovvj5BpfVodmRjK4bf+meVmYXfi0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=cUXy0Kxzuxc5gG8XS/v9K386CpEeKgszHphD5bslFOgaKwtEZaSTESY4v5CZLpMV5Dqlirn0pANHk5T0smUo0quf8CKNmivSSIOJRJ3sjL2diHQjnMlQ4Kh+L8IRWaeNMBI5kS+y+x2UABkMTmrn0ecMJqT58nFndln5byaOvZU=
In-reply-to: <4ef5fec60708040504x40df49deh418fa5a103261da1@xxxxxxxxxxxxxx>
References: <20070802221918.GF20786@xxxxxxxxxxxxxx> <46B44F87.7000902@xxxxxxxxx> <4ef5fec60708040425q51472a84m9e7be3255df9d99d@xxxxxxxxxxxxxx> <46B468DF.9030100@xxxxxxxxx> <4ef5fec60708040504x40df49deh418fa5a103261da1@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

So in order to get attacked and get the torrc file modified, you first have to get infected by a worm, virus, malware or trojan horse that communicates with localhost:9051?
There is no way that someone could directly attack me through port 9051 behind a physical firewall? Is this correct?
If this is correct, then the chance of getting attacked behind a physical firewall is very low, right?

/Viking

coderman skrev:

On 8/4/07, vikingserver@xxxxxxxxx <vikingserver@xxxxxxxxx> wrote:

 Please describe a little bit.
 Please describe how someone can reach port 9051 behind a firewall.


port 9051 is usually bound to localhost (127.0.0.1).  a firewall
(usually) protects against external connections.  applications /
utilities bound to localhost can access other ports bound to this
address.

best regards,

Follow-Ups:
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman

References:
- critical security vulnaribility fixed in Tor 0.1.2.16
  - From: vikingserver@xxxxxxxxx
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: vikingserver@xxxxxxxxx
- Re: critical security vulnaribility fixed in Tor 0.1.2.16
  - From: coderman

Prev by Author: Re: tor servers communicating to wrong ports
Next by Author: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Previous by thread: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Next by thread: Re: critical security vulnaribility fixed in Tor 0.1.2.16
Index(es):
- Author
- Thread