
Re: Security concerns/help me understand tor





On Nov 8, 2007 8:53 AM, Martin Fick <mogulguy@xxxxxxxxx> wrote:
On Wed, Nov 07, 2007 at 08:20:37AM -0800, Martin Fick wrote:
> My home router offers an http administration
> console on port 80 which for obvious security
> reasons is normally only accessible from the
> internal facing side of the router.  While
> many of these home routers typically have an
> internal private IP such as 192.168.1.1 and
> an external public IP, they sometimes respond
> to both IPs from the inside and sometimes they
> even allow access to the administration console
> on the external IP if it is accessed from the
> internal side of the router (mine does).  This
> would not normally be a problem, but add a tor
> exit server to the inside of a home network
> serviced by such a router and ...you can
> probably guess where I am going with this.

...
--- Kyle Williams <kyle.kwilliams@xxxxxxxxx> wrote:
>
> If anyone is concerned about this, and you should
> be, add the following to your torrc.
>
> ExitPolicy reject <YOUR_EXTERNAL_IP>:*
>
> Obviously replacing <YOUR_EXTERNAL_IP> with your
> real IP address...not your internal (LAN) IP
> address.

...
--- Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
>
> I run a few services on the net. I like the idea
> that if I run a Tor server on the same machine
> (on the same interface, with the same IP) as
> my service, people using Tor will prefer my node as
> their exit node. This allows me to provide services
> indirectly to the Tor network without very much
> effort. Smart routing is neato. This is a
> feature and a pretty neat one at that.

...
--- Ruben Garcia <ruben@xxxxxx> wrote:
> Perhaps it might be possible to tell tor about the
> router's nat policy so that if the router is
> supposed to port forward the external request
> to <ipA>:<portA>, tor does it itself.
> That way, the problematic
>
> host->tor->tor->your host tor->router->your host web
>
> can become
>
> host->tor->tor->your host tor->your host web
>
> (This requires some changes to the torrc and tor
> source, so I'd like to add it to the feature
> request list in case somebody has free time)

That would be a hidden service.  Tor already does that.
What we are talking about is secure defaults for exit nodes.



This seems like a nice valid option, spoofing
the external IP from within the tor exit node?
In other words if the web internal IP is say:
192.168.1.2 , any request for the external
IP through the tor exit would actually yield
a request directly to the web server's internal
IP, 192.168.1.2, instead?

That's a horrible idea.  You do NOT want everyone to be able to anonymously fuck with your router's admin page.
You don't need to redirect that specific request either.  It needs to be dropped.  If you want to offer up a website, then use the hidden service feature of Tor.


That sounds like a nice feature to be able to
get the best of both worlds: 1) security for
the relay operator and 2) for users accessing
the NATed web site!
 
Yes, a hidden service will work behind a router (or NAT'd setup).
 

Naturally this should be configurable for
specific ports only.  Of course, adding an
IP spoofing mechanism directly to tor exit
nodes makes it that much easier for IPs in
general to be spoofed by exit nodes! :(


-Martin




If you want to run a hidden server, such as a web site over a .onion address, then that's fine.
If your router is disallowing people from accessing the admin webpage interface from the Internet, that's probably a good thing.
But if running a Tor exit node opens up that admin webpage to the rest of the Tor network, that's not good.  At that point, anyone could anonymously try and hack your router.  God help you if they do get in, then you're really in trouble.

There is no point in redirecting that type of request, it needs to be rejected. 
....Maybe replying with a "bad hacker, not root for you!" webpage would be funny though.


- Kyle
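An added example, not part of this thread or of Tor's own code: a small first-match evaluator for torrc-style ExitPolicy lines, used to check that the `reject <YOUR_EXTERNAL_IP>:*` advice above actually closes the hole and, just as important, that it only works when the reject line comes before any `accept` that would otherwise match port 80. The router's public address 203.0.113.5, the unrelated host 198.51.100.7 and the policies are all made up for illustration; the private-network list mirrors what Tor's `ExitPolicyRejectPrivate` prepends (current Tor also prepends the relay's own advertised address, but a relay behind NAT should still confirm its external IP is covered rather than assume it).

```python
"""Evaluate Tor-style ExitPolicy lines with first-match semantics.

Added illustration for the "exit node behind a home router" discussion;
not Tor source.  IPv4 only.  Addresses are constructed examples
(RFC 5737 documentation ranges and RFC 1918 private ranges).
"""
import ipaddress

# What Tor prepends when ExitPolicyRejectPrivate is on (the default).
PRIVATE_NETS = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
]


def parse_line(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT' into (verdict, net, lo, hi).

    ADDR may be '*'; PORT may be a single port, a 'LO-HI' range, or '*'.
    net is None for the wildcard address.
    """
    verdict, _, target = line.strip().partition(" ")
    if verdict not in ("accept", "reject"):
        raise ValueError(f"bad verdict in policy line: {line!r}")
    addr, sep, port = target.rpartition(":")
    if not sep or not addr or not port:
        raise ValueError(f"expected ADDR:PORT in policy line: {line!r}")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    elif "-" in port:
        lo, hi = (int(p) for p in port.split("-", 1))
    else:
        lo = hi = int(port)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in policy line: {line!r}")
    return verdict, net, lo, hi


def build_policy(torrc_lines, reject_private=True):
    """Return the ordered rule list Tor would evaluate for these torrc lines."""
    policy = []
    if reject_private:
        policy += [parse_line(f"reject {n}:*") for n in PRIVATE_NETS]
    policy += [parse_line(line) for line in torrc_lines]
    return policy


def exit_allowed(policy, dest_ip, dest_port):
    """True if the first matching rule is 'accept'; no match means reject."""
    ip = ipaddress.ip_address(dest_ip)
    for verdict, net, lo, hi in policy:
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return verdict == "accept"
    return False  # Tor's implicit trailing rule is reject *:*


EXTERNAL_IP = "203.0.113.5"  # hypothetical public address of the home router

# The policy many 2007-era relays ran: nothing stops exits to the router.
UNSAFE = build_policy(["accept *:80", "accept *:443", "reject *:*"])

# Kyle's fix: reject the external IP before any accept line.
SAFE = build_policy([f"reject {EXTERNAL_IP}:*",
                     "accept *:80", "accept *:443", "reject *:*"])

# Same lines, wrong order: 'accept *:80' matches first, so the reject is dead.
MISORDERED = build_policy(["accept *:80", "accept *:443",
                           f"reject {EXTERNAL_IP}:*", "reject *:*"])


if __name__ == "__main__":
    for name, pol in (("unsafe", UNSAFE), ("safe", SAFE), ("misordered", MISORDERED)):
        print(f"{name:10s} router:80 -> {exit_allowed(pol, EXTERNAL_IP, 80)}, "
              f"other host:80 -> {exit_allowed(pol, '198.51.100.7', 80)}, "
              f"LAN 192.168.1.1:80 -> {exit_allowed(pol, '192.168.1.1', 80)}")
```

The LAN address is already refused by the private-network rejects, which is why the thread's problem only appears through the router's public address: the relay's outbound packet is addressed to a non-private IP, so nothing in the default prefix stops it, and the router then helpfully answers its own admin console from the inside.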