Re: SSH and Telnet ports

On Sun, Dec 14, 2008 at 07:15:18PM +0100, Mitar wrote:
> I am wondering why should I allow SSH and Telnet ports to be open on a
> relay? Is there really a usage case where a Tor user would need them
> (because connecting with SSH to a server does somehow go against
> anonymity)? Because otherwise it could be used for dictionary attacks
> against SSH hosts.

There are a variety of different attackers that a Tor user might be
concerned about. "Anonymity with respect to the destination" is what
you're thinking about above. But you might also want "anonymity with
respect to eavesdroppers" -- so you can prevent somebody watching your
local network connection from discovering where you're connecting to, or
somebody watching the ssh server from discovering your current location.

So it makes perfect sense to have both anonymity from eavesdroppers and
strong authentication to the destination.

That said, feel free to take out ports 21 and 22 from your exit policy
if they make you uncomfortable.