[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] corridor, a Tor traffic whitelisting gateway
- To: Gavin Wahl <gavinwahl@xxxxxxxxx>, tor-talk@xxxxxxxxxxxxxxxxxxxx, Rusty Bird <rustybird@xxxxxxxxxxxxxxx>, "adrelanos@ri >> Patrick Schleizer" <adrelanos@xxxxxxxxxx>
- Subject: Re: [tor-talk] corridor, a Tor traffic whitelisting gateway
- From: Patrick Schleizer <patrick-mailinglists@xxxxxxxxxx>
- Date: Sat, 31 Jan 2015 17:50:42 +0000
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Sat, 31 Jan 2015 12:51:58 -0500
- In-reply-to: <54CC1EF6.8010401@xxxxxxxxx>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
- List-help: <mailto:firstname.lastname@example.org?subject=help>
- List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
- List-post: <mailto:email@example.com>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:firstname.lastname@example.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:email@example.com?subject=unsubscribe>
- References: <54CC1EF6.8010401@xxxxxxxxx>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
>> I think the topic Bridge Firewall is also related here:
>> (The topic didn't move there yet, but it's all very similar ideas
>> we're discussing here.)
> Isn't corridor exactly what that article is describing?
Corridor also supports connecting to normal Tor relays (not bridges) only.
> It seems like it's also vulnerable to the 'Severe issue' in the
> article -- a compromised tor host behind corridor can get its public
> IP address with the 'getinfo address' Tor control protocol command
> and deanonymize.
> corridor cannot prevent malware on a client computer from directly
> contacting a colluding relay to find out your clearnet IP address.
> The part of your client system that can open outside TCP connections
> must be in a trustworthy state! (Whonix and Qubes-TorVM are
> well-designed in this respect.) Discussion:
> Whonix includes this in its threat model -- you should be able to
> run arbitrary/compromised code behind the tor gateway and be safe.
> Can corridor do anything about it?
I don't think so, but happy to be proven wrong.
You might be interested in this comparison, that includes corridor:
I am a maintainer of Whonix.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to