[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Any risks with another application using Tor's SOCKS 5 interface?
Thanks for the response.
SOCKS 5 insecurity: If you use username/password authentication (as Tor
does), the username and password are sent in the clear. That's one reason
not to open the SOCKS 5 port to the world. Another reason might be that a
user is unable to modify proxy settings, e.g. in an Internet cafe.
I've never used GSSAPI authentication, but my understanding is that SOCKS 5
is secure if you use it.
Corrections always welcome.
Cheers,
James
On Wed, Dec 4, 2013 at 11:40 AM, Roman Mamedov <rm@xxxxxxxxxxx> wrote:
> On Wed, 4 Dec 2013 10:57:36 -0800
> James Marshall <james@xxxxxxxxxxxxx> wrote:
>
> > SOCKS 5 is insecure if the client and server are on different hosts and
>
> What exactly that insecurity consists of?
>
> If your aim is to open an client-less "in-proxy" to Tor network for anyone
> to
> use, then you might just as well open your SOCKS 5 port to the world.
>
> AFAIK any insecurity in SOCKS is related only to authentication, i.e.
> unauthorized users may be able to connect to your SOCKS proxy. But that's
> not
> an issue if you open it to anyone "by design" anyway.
>
> --
> With respect,
> Roman
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk