[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor as a network filter

Depending on how you're getting traffic onto Tor (i.e. are you using the SOCKS proxy or silently redirecting traffic to the relevant port) you may be able to achieve something similar to what you're attempting using other
tools first.

I am just running Tor Browser, so the default SOCKS.

For example, I have a VM running an MUA, it should only ever connect to
it's mailserver's over Tor. To enforce that, my router runs Tor and an
iptables rule ensures that all traffic from that VM leaves my network over Tor (there are some other concerns with doing it this way, but they aren't
relevant for what I'm trying to say).

Can you expand on this, the Tor on a router part? Others have said[0], in response to an out of the box product you can by[1], that running Tor on a physical router is not so safe, though this is maybe where your iptables rule comes in.

There's no technical reason I (or, you) couldn't add a rule to first push that traffic through some sort of (semi)transparent proxy so that filtering
can be performed at application level.

How much control do you then have over the traffic? Can you shape how you appear, ignoring the risk of standing out? How would you interface with the traffic?

There are a number of reason's you might not want to do it though:

- It complicates troubleshooting connection issues
- You've just inserted an extra listening point for an adversary to use
- If you're using a transparent solution and it breaks, you may find
yourself working without your extra level of 'protection'
- Depending on your solution, it may change your request signature (a lot of work has gone into TBB to make all look the same, you don't want your
user-agent to suddenly becomes 'squid' for example)

In my setup, traffic transits my network in the clear (at least in a
metadata sense) before reaching Tor, there's no reason you necessarily need
to do that as you could set something similar up on a single box.

So whilst tor won't do application level filtering for you, you can insert
some filtering into the chain, as long as you weigh the risks (and I've
likely omitted some)

But I am more asking if Tor can be used as part of a filter, with some
sort of application allowing for more control, maybe even of what is sent
to the entry.  It seems there has been some discussion regarding 'Tor
Router/Firewall', though it's only cited as a bullet in a list. I might be misreading, but a Tails document refers to a 'Network Filter'. I don't only want to allow or deny network connections, like with Tails, but filter out certain things as well, maybe with something smaller like a browser or
application firewall.

Sounds like you are looking for what is known as an "Application

I am, is there any value to combining incoming access
to the Tor network and outgoing connections from applications as a
standalone tool? Vs using Little Snitch or built-in firewalls separately
from a Tor application like Tor Browser.

Thanks for this!


[0] https://lists.torproject.org/pipermail/tor-talk/2015-February/036719.html
[1] http://cryptographi.com/products/snoopsafe

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to