[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?

Thanks for the response.

SOCKS 5 insecurity:  If you use username/password authentication (as Tor
does), the username and password are sent in the clear.  That's one reason
not to open the SOCKS 5 port to the world.  Another reason might be that a
user is unable to modify proxy settings, e.g. in an Internet cafe.

I've never used GSSAPI authentication, but my understanding is that SOCKS 5
is secure if you use it.

Corrections always welcome.


On Wed, Dec 4, 2013 at 11:40 AM, Roman Mamedov <rm@xxxxxxxxxxx> wrote:

> On Wed, 4 Dec 2013 10:57:36 -0800
> James Marshall <james@xxxxxxxxxxxxx> wrote:
> > SOCKS 5 is insecure if the client and server are on different hosts and
> What exactly that insecurity consists of?
> If your aim is to open an client-less "in-proxy" to Tor network for anyone
> to
> use, then you might just as well open your SOCKS 5 port to the world.
> AFAIK any insecurity in SOCKS is related only to authentication, i.e.
> unauthorized users may be able to connect to your SOCKS proxy. But that's
> not
> an issue if you open it to anyone "by design" anyway.
> --
> With respect,
> Roman
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to