
Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector



F. Fox wrote:
7v5w7go9ub0o wrote:
(snip)
1. Connecting via TOR would be an extra, minor security option to
conceal the fact that my home is running a VNC server - eavesdropping
kids at the hotspot may try to make it a hacking "prize".

You should know that VNC is considered an insecure protocol; the wise
thing to do is to allow it only to run over a secure tunneling protocol
(e.g., SSH, or a VPN program).

Thanks.... Good point.

My present setup (MX) uses SSH to connect client to host; it tunnels its
mx protocol within SSH.

(FWIW, because some hotspots limit one to 80/443, my host has sshd
listening on 443, and I connect encrypted to it. (I presume that only
the most sophisticated DPI could discern that I'm using SSH instead of
HTTPS :-) ))


This is not only because many variations of VNC don't provide their own
encryption (remember, exit nodes can sniff - and they can see WAY too
much if you're using plain VNC!), but also because such a protocol would
strengthen the authentication required to get in.

This actually creates another question (not to be argumentative :-) ).

Given that there is no exit node, would an OnionCat to OnionCat
connection over TOR need to be encrypted? Is it plain-text anywhere
along the line?

(This would be a consideration, given SSH is tcp and TOR is tcp, and I
might get the tcp over tcp tunnel ("TCP meltdown") timing conflict; it
might be good to send the MX/VNC protocol unencrypted.)


Thanks in Advance
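
The sshd-on-443 setup mentioned above, seen from a network monitor's side: SSH sends a plaintext identification string (RFC 4253, section 4.2) before any encryption starts, while TLS opens with a handshake record. The following is an added example, not part of the original post; the function names and the sample bytes are constructed for illustration.

```python
TLS_HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}
EXPECTED = {443: "tls", 22: "ssh"}  # protocol a monitor expects per port (assumption)

def parse_tls_record(data: bytes):
    """Return handshake info if data starts with a TLS handshake record."""
    if len(data) < 6 or data[0] != 0x16 or data[1] != 0x03 or data[2] > 0x04:
        return None
    length = int.from_bytes(data[3:5], "big")
    if not 0 < length <= 16384 or data[5] not in TLS_HANDSHAKE_TYPES:
        return None
    return {"proto": "tls", "detail": TLS_HANDSHAKE_TYPES[data[5]]}

def parse_ssh_banner(data: bytes):
    """Return the SSH identification string, if one is present."""
    # A server may send other text lines before the "SSH-" line, so scan a few.
    for raw in data.split(b"\n")[:20]:
        line = raw.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            # Format: SSH-protoversion-softwareversion [SP comments]
            parts = line.split(b" ", 1)[0].split(b"-", 2)
            if len(parts) == 3 and parts[2]:
                return {"proto": "ssh", "detail": line.decode("ascii", "replace")}
    return None

def classify_stream(data: bytes) -> dict:
    """Classify the first bytes of one direction of a TCP stream."""
    return (parse_tls_record(data) or parse_ssh_banner(data)
            or {"proto": "unknown", "detail": ""})

def port_mismatches(flows):
    """Return flows whose first bytes do not match the port's expected protocol."""
    hits = []
    for port, first_bytes in flows:
        seen = classify_stream(first_bytes)
        if port in EXPECTED and seen["proto"] != EXPECTED[port]:
            hits.append((port, seen["proto"], seen["detail"]))
    return hits

# Constructed sample flows: (destination port, first bytes observed)
FLOWS = [
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # start of a TLS ClientHello
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                       # SSH banner on the HTTPS port
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for hit in port_mismatches(FLOWS):
        print(hit)
```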