[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] wget - secure?



Hi again :)

>On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774 at gmail.com> wrote:
>
>>On 2012-04-18, Joseph Lorenzo Hall <joehall at gmail.com> wrote:
>>
>>The underlying point is that it would be neat if
>>you've done a comprehensive analysis of a specific version of Tor,
>>etc., etc.

>No, the underlying point is that I have personally seen wget send my
>computer's IP address over Tor in an FTP PORT command.  wget is not
>â100% safeâ.
>
>The code to send a PORT command is still present in wget 1.13.4.  wget
>1.13.4 is not â100% safeâ; anyone who wants to recommend it needs to
>specify a particular configuration of wget which is safe.  (Don't
>count on a âdefault configurationâ; Linux distributors might have
>messed with it, or failed to update it to the version shipped in
>recent wget source distributions.)

Hi there Robert Randsom, thanks for such good info. Can you please point me to documents, or directions, to test FTP PORT command with my setup: Wget 1.13.4  (openssl 1.0.0g), Privoxy v3.0.19, , and Wireshark 1.6.8, on Windows 7 x64 Home Premium  SP1?

I want to test what you write, and so far I tried 'host IPadress' [1], at a FreeBSD FTP server [2], but I didn't know what to look for; am I on the right track? For now, I close port 21 on my computer, when using Wget; is that good enough for now? 

I look to see if there's a way to disable FTP, but nope, and that's probally showing my noobiesness, ha. Anyway, if I can help I'm happy to be helpful, so, drop me a line! :)

Here's how I started Wget:

wget -c --no-parent ftp://ftp.freebsd.org/pub/FreeBSD/

>And that's not even the potential information leak that folks who are
>familiar with âanonymous FTPâ would check for first.
>Robert Ransom

I don't know to what you're eluding, however, I was thinking the following setting may mitigate anonymous FTP issues, if I understand the 1.13.4 MAN entry [3] correctly...

(ex. in wgetrc.txt)
ftp-user = Jane
ftp-password = LovesTor




[1] http://portforward.com/networking/wireshark.htm
[2] ftp://ftp.freebsd.org/pub/FreeBSD/
[3] http://www.gnu.org/software/wget/manual/wget.html#FTP-Options
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk