Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector
F. Fox wrote:
1. Connecting via TOR would be an extra, minor security option to
conceal the fact that my home is running a VNC server - eavesdropping
kids at the hotspot may try to make it a hacking "prize".
You should know that VNC is considered an insecure protocol; the wise
thing to do is to allow it only to run over a secure tunneling protocol
(e.g., SSH, or a VPN program).
Thanks.... Good point.
My present setup (MX) uses SSH to connect client to host; it tunnels its
mx protocol within SSH.
(FWIW, because some hotspots limit one to 80/443, my host has sshd
listening on 443, and I connect encrypted to it. (I presume that only
the most sophisticated DPI could discern that I'm using SSH instead of
HTTPS :-) ))
This is not only because many variations of VNC don't provide their own
encryption (remember, exit nodes can sniff - and they can see WAY too
much if you're using plain VNC!), but also because such a protocol would
strengthen the authentication required to get in.
This actually creates another question (not to be argumentative :-) ).
Given that there is no exit node, would an OnionCat to OnionCat
connection over TOR need to be encrypted? Is it plain-text anywhere
along the line?
(This would be a consideration, given SSH is tcp and TOR is tcp, and I
might get the tcp over tcp tunnel ("TCP meltdown") timing conflict; it
might be good to send the MX/VNC protocol unencrypted.)
Thanks in Advance