[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Security concerns/help me understand tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Security concerns/help me understand tor
From: "Jefferson Iblis" <fleshheap@xxxxxxxxx>
Date: Fri, 9 Nov 2007 00:00:16 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 08 Nov 2007 19:00:25 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=r/tNZ6Tw0DIhLW2ygcX066FMnVOWxZCHTMUGTFNp6Ac=; b=I4Nk9SVVZ9wUk9JIKCoOJF55o/E7gIWW9FBuq/khxuPbUwaeDM0MlJ+UdlWiwFCM7jYz/pdU0qd94KqJeBbIPuhIyUNpbXtF6PhZ6eEVey6pJMAvQplrNRsoK2X/Ap/EU5s5y27QTgx3e8yNeNdmEsoy5XAplPblAizXJnrvlk0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ubDqmRMPvrpR4/2xYSTti3cyFgR5a/PKuMgRDiOaocxgUDwWyfzuvhxi7PEWlGNjeu1ZN4PbAo2P+Rjqp5401N8Lar6eAqHkvQ6quMI1XY2fdKE4ni93YEiFU3TyVxn2shdOovRJ2q7riwxOjv2fqfrYaEj9CH1Sn8t9Japt4lg=
In-reply-to: <21f144250711081529yf33a537lc3a3291ec8cd4d0d@xxxxxxxxxxxxxx>
References: <4732EFA7.2000108@xxxxxx> <843700.91678.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <21f144250711081529yf33a537lc3a3291ec8cd4d0d@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Nov 8, 2007 11:29 PM, Kyle Williams <kyle.kwilliams@xxxxxxxxx> wrote:
>
>
> If you want to run a hidden server, such as a web site over a .onion
> address, then that's fine.
> If your router is disallowing people to access the admin webpage interface
> from the Internet, that's probably a good thing.
> But if running a Tor exit node opens up that admin webpage to the rest of
> the Tor network, that's not good.  At that point, anyone could anonymously
> try and hack your router.  God help you if they do get in, then your really
> in trouble.
>
> There is no point in redirecting that type of request, it needs to be
> rejected.
> ....Maybe replying with a "bad hacker, not root for you!" webpage would be
> funny though.
>

Seems the simplest solution would be to, by default, disallow Tor from
accessing the local network, including what it discovers to be its
externally accessible IP. Then anyone who wants to allow local access
can explicitly turn on whatever they think is appropriate.

Follow-Ups:
- Re: Security concerns/help me understand tor
  - From: Kyle Williams

References:
- Re: Security concerns/help me understand tor
  - From: Ruben Garcia
- Re: Security concerns/help me understand tor
  - From: Martin Fick
- Re: Security concerns/help me understand tor
  - From: Kyle Williams

Prev by Author: Re: first hop to entry node, encrypted? sorry for trivial question
Next by Author: Re: Questions about a TOR server
Previous by thread: Re: Security concerns/help me understand tor
Next by thread: Re: Security concerns/help me understand tor
Index(es):
- Author
- Thread