[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "Practical onion hacking: finding the real address of Tor clients"

On Tue, 2006-10-24 at 14:45, coderman wrote:
> On 10/24/06, George Shaffer <George.Shaffer@xxxxxxxxxxx> wrote:
> > ...
> > It's not that I don't trust my firewall, I just don't want to invite
> > random attacks, because a broad probe of many port 80s, happens to find
> > an open one on my machine.
> as you mentioned further down, the presence of your node in the
> directory will do more to "invite attacks" than an open port 80 i
> suspect.

I agree.

> > TOR as a server runs on hundreds, rather than tens of thousands to
> > millions of computers, so it is not likely to have (yet) attracted much
> > malicious scrutiny. Once a single malicious attacker decides to focus on
> > Tor, he can get the source code to help him, but the Tor community does
> > not have the resources to find a quick solution, the way the large open
> > source communities do.
> this feels like a straw man.  there are valid security bones to pick
> with Tor but capable and motivated developers are behind it.  would
> more support / community be helpful?  absolutely.  but size alone is
> less useful a metric than you think...

It seemed reasonable when I wrote it, but your response seems right.

George Shaffer