[tor-talk] allowing access to LAN IPs
It's my first post here; I'm part of the team developing Tails.

In the context of the development of Tails we want Firefox to allow
connecting to webservers on LAN (RFC-1918) IPs. For example, some users
might want to use an Etherpad installation on the local network before
publishing their text on a blog.

To access those resources, the user would have to type the IP of the
local server in the location bar, and not its hostname, in order to
bypass Tor DNS.

Our initial plan is just to use FoxyProxy rules to grant direct access
(without proxy) to LAN IPs.

With this setup, we couldn't think of an attack which would be made
possible by allowing this alone: if an attacker in control of both local
and online resources tries to de-anonymize a local user accessing online
resources, this user could be de-anonymized anyway by other means; we
believe this is true by design with Tor.

If such an attack is still possible, we also thought about modifying
Torbutton to treat LAN IPs as 'local' and not 'online', just as it does
for URLs such as 'file:///'.

What do you think of this idea?
Can you think of possible attacks that would defeat our plan?
tor-talk mailing list
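
The routing rule described in the message above, sketched as an added example (not part of the original post and not Tails or FoxyProxy code). It uses a PAC-style `FindProxyForURL` function instead of FoxyProxy patterns; the Tor SOCKS address and the sample hosts are assumptions.

```javascript
// Assumed local Tor SOCKS listener; adjust to the actual configuration.
const TOR_PROXY = "SOCKS5 127.0.0.1:9050";

// Accept only a strict dotted-decimal IPv4 literal and return its octets.
// Hostnames, integer/octal forms and out-of-range octets return null, so
// they can never be classified as LAN addresses and routed around Tor.
function parseIPv4Literal(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  for (let i = 0; i < 4; i++) {
    // Reject values above 255 and leading zeros (octal ambiguity).
    if (octets[i] > 255 || String(octets[i]) !== m[i + 1]) return null;
  }
  return octets;
}

// RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
function isRfc1918(o) {
  return o[0] === 10 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168);
}

// Same signature as a PAC file's entry point. No dnsResolve() call is
// made: a hostname is never resolved locally, so only a typed IP literal
// can go direct and every name lookup stays inside Tor.
function FindProxyForURL(url, host) {
  const octets = parseIPv4Literal(host);
  if (octets !== null && isRfc1918(octets)) return "DIRECT";
  return TOR_PROXY;
}

// Constructed sample hosts, including forms that must fall back to Tor.
const SAMPLE_HOSTS = [
  "192.168.1.20", "10.0.0.1", "172.16.0.5", "172.32.0.5",
  "etherpad.lan", "10.0.0.1.example.com", "192.168.1.256", "010.0.0.1",
];

function routeAll(hosts) {
  return hosts.map((h) => [h, FindProxyForURL("http://" + h + "/", h)]);
}

console.log(routeAll(SAMPLE_HOSTS));
```

Anything the parser does not recognise as a canonical RFC 1918 literal falls through to the Tor proxy, so a parsing miss costs local reachability rather than sending traffic direct.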