[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Security concerns/help me understand tor



> Perhaps I can try illustrating this better.
>
> To start with we have website W hosted on internal
> private IP P (192.168.1.2) forwarded to the world
> by a NATting router with internal IP GW (192.168.1.1)
> at external IP E.  Anyone on the outside can (and are
> supposed to be able to!) get to web site W by
> accessing E, not P, with or without tor.
>
> 1) Site (W)  [P]<--- NAT [E]<---- Internet (anyone)
>
> But with or without tor no-one can actually get to
> W from the intranet, I, on external IP E since the
> router intercepts that IP, E, and presents its
> admin console A on E.
>
> So, instead of seeing this:
>
> 2) Client     [I]--->[E]  Router
>     Site  (W) [P]<---     Router
>
> intranet clients get:
>
> 3) Client     [I]--->[E]  Router Admin Console (A)

In other words, any access to port 80 on the router from inside the
network gives the admin console, even if you are using the external IP
address, and have a mapping from external IP to intranet host with
website.

Dang. I ran into one of those a few years ago, and they were a bleep.

And the "obvious" (now that it was mentioned) security concern -- if
someone tricks your system, and tries to access an internal server
from inside the router by malicious intent, getting special access to
the server. The router might think that it's protecting you from that.

Except:
1. The very nature of "I want public requests to this IP:port to go to
that server" means there's no special access to protect against.
2. It's not the router's job to secure the rest of the net.
3. This does nothing to solve the whole "DNS says that attacker.com is
at 128.128.2.3 and 192.168.1.2. The first didn't work, so I'll try the
second" issue.

I'd say, if I understand things correctly, that your router is broken,
by design, and should be returned to the manufacturer if still under
warranty, or just plain replaced.