[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SSH and Telnet ports

To: or-talk@xxxxxxxxxxxxx
Subject: Re: SSH and Telnet ports
From: Roger Dingledine <arma@xxxxxxx>
Date: Sun, 14 Dec 2008 13:26:25 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 14 Dec 2008 13:26:29 -0500
In-reply-to: <f63c4b2d0812141015q39c22941w856af2853230e165@xxxxxxxxxxxxxx>
References: <f63c4b2d0812141015q39c22941w856af2853230e165@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)

On Sun, Dec 14, 2008 at 07:15:18PM +0100, Mitar wrote:
> I am wondering why should I allow SSH and Telnet ports to be open on a
> relay? Is there really a usage case where a Tor user would need them
> (because connecting with SSH to a server does somehow go against
> anonymity)? Because otherwise it could be used for dictionary attacks
> against SSH hosts.

There are a variety of different attackers that a Tor user might be
concerned about. "Anonymity with respect to the destination" is what
you're thinking about above. But you might also want "anonymity with
respect to eavesdroppers" -- so you can prevent somebody watching your
local network connection from discovering where you're connecting to, or
somebody watching the ssh server from discovering your current location.

So it makes perfect sense to have both anonymity from eavesdroppers and
strong authentication to the destination.

That said, feel free to take out ports 21 and 22 from your exit policy
if they make you uncomfortable.

--Roger

Follow-Ups:
- Re: SSH and Telnet ports
  - From: Mitar

References:
- SSH and Telnet ports
  - From: Mitar

Prev by Author: Re: How many hidden service circuits built?
Next by Author: Re: Failed to hand off onionskin
Previous by thread: SSH and Telnet ports
Next by thread: Re: SSH and Telnet ports
Index(es):
- Author
- Thread