[tor-relays] Relay security, re: local network

Lukas Erlacher l.erlacher at gmail.com
Wed Sep 25 20:33:14 UTC 2013 

Running a tor relay will increase your attack surface vis-a-vis the
internet in the same way that running any other internet-facing
service that could be owned (via, say, a buffer overflow) would.

In general, it is also common that once somebody has taken over a
machine inside your internal network, it is much easier for them to
attack the rest of your internal network.

There are probably no known exploits for the latest stable version of
tor. If an attack surfaces, you will see an announcement on
tor-announce. (the last security announcement was in august:
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html)

There are a few things you can do about this, like putting your tor
relay into a DMZ so it can not talk to the rest of your internal
network - the same as for any other internet-facing service you run.
I'm not a networking expert, so I can't give you specific instructions
for that - I hope someone who does will chime in.

Best
Luke

2013/9/25 Joe <yesman at riseup.net>:
> Hi,
>
> I'm planning to run a Tor relay on a spare computer at home. Security is a
> concern, and not only regarding the machine running the relay but also my
> other computers. Are there any (theoretical or otherwise) known attacks a
> person can perform on a running Tor relay to take remote control of it, and
> assuming the said person could pull that off, is it possible to extend this
> control to the other computers behind the same router? I am aware of
> possible DDOS attacks and other risks related to running an exit, but i am
> comfortable in taking these chances in my
> environment.
>
> I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian
> or some flavor of Ubuntu which i am more familiar with, and use full-disk
> encryption with strong passwords. Are there any risks to my other computers
> worth consideration?
>
> Thanks.
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

More information about the tor-relays mailing list