On Sat, 2007-11-08 at 15:33 -0400, nobledark@xxxxxxxxxxxx wrote: > Roger, thank you for your response - I did follow that thread when > it came out and upgraded my systems. The question I have is not > really about the vulnerability but more of a general operational > one - in what situations is the control port actually used? If I am > not running a Tor server but using Tor in client mode, does the > Control Port get used? What is it used for? The control port is used to let you, another program, another computer, control/communicate with TOR. If you just install tor as a client and don't mess about with the config file the control port should be closed by default. if you install a tor/Vidalia bundle the control port will need to be open so Vidalia can control/communicate with TOR Same would go for if you were using TorK, if your TOR is on a net appliance and configured to be controlled/communicate with Vidalia/TorK/etc on another machine. Privoxy doesn't fall into this discussion as it just shuttles data through tor rather then communicating with TOR you can read more on the control port at: http://tor.eff.org/tor-manual.html.en and http://tor.eff.org/svn/trunk/doc/spec/control-spec.txt long story short... if you are using a GUI for tor the control port is most likely open. Freemor <freemor@xxxxxxxx> Freemor <freemor@xxxxxxxxxx> This e-mail has been digitally signed with GnuPG See: http://gnupg.org/ for more details
Attachment:
signature.asc
Description: This is a digitally signed message part