[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Security concerns/help me understand tor

Kyle Williams wrote:
> I don't want to post all the results of my research, for fear that truly
> evil Torrorist would go crazy with this.  Let's just say that this could be
> very, very bad.  Trust me, Roger, this isn't something that should be taken
> lightly.  The moment Tor knows it's own external IP, and is operating as an
> exit node, it should (in code) automatically disallow connections to it's
> own external IP.  Unless someone has a really good reason why you would need
> access to your external IP address from inside your LAN.

I run a few services on the net. I like the idea that if I run a Tor
server on the same machine (on the same interface, with the same IP) as
my service, people using Tor will prefer my node as their exit node.
This allows me to provide services indirectly to the Tor network without
very much effort. Smart routing is neato. This is a feature and a pretty
neat one at that.

> BTW, I tried the 'responsible discloser' once already in IRC, remember
> Roger?
> So I don't feel bad one bit for talking about this with others.
> At least I included a temporary solution to the problem.

I didn't know about your IRC discussion however, I think you should
disclose the results of your research to tor-assistants@xxxxxxxxxxxxxxx

I'm sure it would be appreciated and everyone would be keen to hear more
about it.