It loses security as one endpoint is being used. Tor uses multiple endpoints for sucessive connections to avoid tracking a connection.<br><br><div><span class="gmail_quote">On 4/27/06, <b class="gmail_sendername">Tor User</b>
<<a href="mailto:toruser256@yahoo.com">toruser256@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style="direction: ltr;">
<div>I've been running an Tor server (middleman only) for a while and I've been wondering about using FreeCap and an account on an SSH server that has a SOCKS proxy to tunnel my Tor server's connections over an SSH tunnel to the SOCKS proxy running on that SSH server.
<span> </span>Hopefully I explained that clearly, if not maybe this will help to visualize it:<br><br></div> <div>TOR Server – FreeCap – SSH Tunnel – SOCKS proxy – [Out to internet] <br><br></div> <div>I have tried testing this and it works.
<span> </span>Clients are able to connect to my TOR server, and in trying it myself there is no noticeable increase in latency (ping time to the SSH server is < 15ms, and the server has a fast CPU and faster network connection).
<span> </span>As far as I can tell, based on netstat and the like, when I client connects to my server, their circuit is built
through the SSH tunnel and then to the SOCKS proxy server, and then out on the internet to the next Tor server in the circuit.<span> </span>When data comes back to my Tor server, it first comes through the SOCKS proxy on to the SSH tunnel, and then to my Tor server, then to the client or other Tor server in the chain.
<br><br></div> <div>I get the feeling that this should be more secure because:<br><br> </div> <div>My ISP can't monitor my Tor server's outgoing connections.</div> <div>Even of the SSH/SOCKS server's connection was monitored, other peoples Tor circuits should be mixed in with my Tor server's connections.
</div> <div><br>Any thoughts on this?<span> <br><br> </span></div> <div>Also, just so there is no confusion, I am an authorized user of the SSH/SOCKS server, and I am not under any bandwidth or CPU usage
constraints.<span> </span>My access to the server is very fast and the tiny bit of latency seems trivial.<span> </span>I'm only interested in the security implications of this approach.<span> </span>Thanks!</div></div>
<div style="direction: ltr;"><span class="ad"> <p>
</p><hr size="1">Love cheap thrills? Enjoy PC-to-Phone <a href="http://us.rd.yahoo.com/mail_us/taglines/postman9/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
calls to 30+ countries</a> for just 2¢/min with Yahoo! Messenger with Voice.
<p></p></span></div></blockquote></div><br><br clear="all"><br>-- <br>"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."<br>-- Benjamin Franklin