[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor Beginner's Questions

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor Beginner's Questions
From: ffi2fdq02@xxxxxxxxxxxxxx
Date: Wed, 5 Jan 2005 22:58:43 +1100
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 05 Jan 2005 06:59:16 -0500
In-reply-to: <20050105031956.S2564@moria.mit.edu>
References: <41D452ED.4050408@telia.com> <15094-75902@sneakemail.com> <20050105031956.S2564@moria.mit.edu>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Thanks for getting to this amongst everything else Roger.

On 05/01/2005, at 7:19 PM, Roger Dingledine arma-at-mit.edu |or-talk| wrote:

On Fri, Dec 31, 2004 at 05:08:43PM +1100, ffi2fdq02@xxxxxxxxxxxxxx wrote:
1)  "allow local connections to port 8118 and port 9050"
     Maybe I'm missing some subtlety in the word 'local' but does this
mean incoming, outgoing, neither or both should be allowed?  As far as
I know, I haven't allowed either port incoming or outgoing and yet tor
client seems to be working.
Local means "from 127.0.0.1 to 127.0.0.1" -- some firewalls seem to block even these sorts of connections, and people who run them don't tend to realize they're running them, so it's sort of hard to document for. Any suggestions on how to fix the wording?

My suggestion FWIW is "if your firewall can limit your machine's ability to connect to itself then ensure that such connection is allowed on ports 8118 and 9050." I understand the catch-22 about "people who run them..." and I think it shall remain a catch-22 unless it is to become a multi-page document in itself. Whilst I don't run one of those firewalls I'm probably close to that class of people and I/we simply have to have the initiative to search and question until we understand. Otherwise we can simply wait until technology like tor matures to the point where anyone can use it without having a clue what they're doing:)

2)  "outgoing connections... <allow> ports 80, 443, and 9001-9033"
I've allowed outgoing connections on all (only) these ports. Why does tor still regularly make attempts at other ports. I blocked them all and the tor client still works. Is there any advantage to allowing these too? Is there a definable range?
I've just added this answer as http://wiki.noreply.org/wiki/TheOnionRouter/ TorFAQ#OutboundFirewallPorts


Nice.  Completely answered thank you.

Currently the 'FirewallPorts' config option doesn't support ranges, just numbers. Is this something we should fix?

It's not something I would like to see 'fixed' at this stage. There's simply a trade off here. I don't wish to spend much time on security but I value it. Therefore I block all ports except those I *know* are being used by services I desire. Consequently it suits me to block everything else. If my need for anonymity rose then I may trade that off against this easy but overkill approach to security.

Thanks,
--Roger


No.  Thank you!:)

References:
- Re: Tor Beginner's Questions
  - From: Roger Dingledine

Prev by Author: Re: Tor exit nodes by country
Next by Author: wikipedia vandalism
Previous by thread: Re: Tor Beginner's Questions
Next by thread: Heavy CPU usage.. normal?
Index(es):
- Author
- Thread