[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] corridor, a Tor traffic whitelisting gateway

Gavin Wahl:
>> I think the topic Bridge Firewall is also related here:
> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/BridgeFirewall
>> (The topic didn't move there yet, but it's all very similar ideas 
>> we're discussing here.)
> Isn't corridor exactly what that article is describing?

Corridor also supports connecting to normal Tor relays (not bridges) only.

> It seems like it's also vulnerable to the 'Severe issue' in the
> article -- a compromised tor host behind corridor can get its public
> IP address with the 'getinfo address' Tor control protocol command
> and deanonymize.


> corridor cannot prevent malware on a client computer from directly
> contacting a colluding relay to find out your clearnet IP address.
> The part of your client system that can open outside TCP connections
> must be in a trustworthy state! (Whonix and Qubes-TorVM are
> well-designed in this respect.) Discussion:
> https://lists.torproject.org/pipermail/tor-talk/2014-February/032153.html

> Whonix includes this in its threat model -- you should be able to
> run arbitrary/compromised code behind the tor gateway and be safe.


> Can corridor do anything about it?

I don't think so, but happy to be proven wrong.

You might be interested in this comparison, that includes corridor:

Full disclosure:
I am a maintainer of Whonix.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to