[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Question about the vulnerability



On Sat, 2007-11-08 at 15:33 -0400, nobledark@xxxxxxxxxxxx wrote:
> Roger, thank you for your response - I did follow that thread when 
> it came out and upgraded my systems. The question I have is not 
> really about the vulnerability but more of a general operational 
> one - in what situations is the control port actually used? If I am 
> not running a Tor server but using Tor in client mode, does the 
> Control Port get used? What is it used for? 

The control port is used to let you, another program, another computer,
control/communicate with TOR. If you just install tor as a client and
don't mess about with the config file the control port should be closed
by default. if you install a tor/Vidalia bundle the control port will
need to be open so Vidalia can control/communicate with TOR Same would
go for if you were using TorK, if your TOR is on a net appliance and
configured to be controlled/communicate with Vidalia/TorK/etc on another
machine.

Privoxy doesn't fall into this discussion as it just shuttles data
through tor rather then communicating with TOR

you can read more on the control port at:
http://tor.eff.org/tor-manual.html.en

and 

http://tor.eff.org/svn/trunk/doc/spec/control-spec.txt

long story short... if you are using a GUI for tor the control port is
most likely open.



Freemor <freemor@xxxxxxxx>
Freemor <freemor@xxxxxxxxxx>

This e-mail has been digitally signed with GnuPG

See: http://gnupg.org/ for more details


Attachment: signature.asc
Description: This is a digitally signed message part