[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Security concerns/help me understand tor

On Nov 8, 2007 4:00 PM, Jefferson Iblis <fleshheap@xxxxxxxxx> wrote:
On Nov 8, 2007 11:29 PM, Kyle Williams <kyle.kwilliams@xxxxxxxxx> wrote:
> If you want to run a hidden server, such as a web site over a .onion
> address, then that's fine.
> If your router is disallowing people to access the admin webpage interface
> from the Internet, that's probably a good thing.
> But if running a Tor exit node opens up that admin webpage to the rest of
> the Tor network, that's not good.  At that point, anyone could anonymously
> try and hack your router.  God help you if they do get in, then your really
> in trouble.
> There is no point in redirecting that type of request, it needs to be
> rejected.
> ....Maybe replying with a "bad hacker, not root for you!" webpage would be
> funny though.

Seems the simplest solution would be to, by default, disallow Tor from
accessing the local network, including what it discovers to be its
externally accessible IP. Then anyone who wants to allow local access
can explicitly turn on whatever they think is appropriate.