[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Blocking STUN Requests at Firewall?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Blocking STUN Requests at Firewall?
From: Bill Berry <bill@xxxxxxxxxxxx>
Date: Sun, 08 Feb 2015 18:28:12 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Feb 2015 12:28:27 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=techwang.com; h= content-transfer-encoding:content-type:content-type:in-reply-to :references:subject:subject:to:mime-version:user-agent:from:from :date:date:message-id; s=dkim; t=1423416423; x=1424280424; bh=6K ZyLU1e3e85SR0ylUQvwA8z5U95F+f9cM9+d7NdY7o=; b=hpGD56N5ulEwJwTHmc 5pX4KKMkYs9VsoocrVnWGzr4Hz7UiHGk6homNEvkvTu8Iw0cLRH6+zn/FJrR/JL+ BgXSe9IBU7c3lcp6Suqs1uXXp3sAhjjUrTIsP7oLQ8hLXX8T5uX3JYVrKrLToP5J ZEW2ciYLdOaJtE/NloFAmmagQ=
In-reply-to: <54D741CC.8030308@xxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54D741CC.8030308@xxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

In case anyone is interested I managed to block STUN requests using anapplication level firewall on the router. Probably not 100%, butdefinitely an improvement...


On 08/02/15 12:00, Bill Berry wrote:

Hi all,
I've setup a Tor transparent proxy, as per the instructions herehttps://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy(I'm aware of the security risks of not using the Tor Browser)
It's working well except it is vulnerable to STUN requests (as perhttp://ipleak.net/). Does anyone have experience of blocking theserequests? Based on the spec they can be TCP or UDP, so just blockingnon DNS UDP doesn't seem to help. Maybe it could be achieved usingDPI? Not much info on the net.
Thanks,

Bill


--
--
High quality Shiba Inu at the right price! Quality dogs for over 15 years!

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Blocking STUN Requests at Firewall?
  - From: Bill Berry

Prev by Author: [tor-talk] Blocking STUN Requests at Firewall?
Next by Author: Re: [tor-talk] Tor -> VPN Clarification
Previous by thread: [tor-talk] Blocking STUN Requests at Firewall?
Next by thread: [tor-talk] When you forget to pay your Internet Bill,
Index(es):
- Author
- Thread