"Practical onion hacking: finding the real address of Tor clients"

coderman coderman at gmail.com
Tue Oct 24 18:45:36 UTC 2006


On 10/24/06, George Shaffer <George.Shaffer at comcast.net> wrote:
> ...
> It's not that I don't trust my firewall, I just don't want to invite
> random attacks, because a broad probe of many port 80s, happens to find
> an open one on my machine.

as you mentioned further down, the presence of your node in the
directory will do more to "invite attacks" than an open port 80 i
suspect.

you can configure other ports, but 80/443 are recommended precisely
because most firewalls let web traffic pass (and thus these clients
behind restrictive firewalls can still use Tor).



> Either way though, packets are now sent from the Tor node system that
> can be fingerprinted to determine the OS, version, and some other facts
> about the OS running the Tor node and possibly firewall.

your OS is usually displayed in the directory as well.  for example:
http://serifos.eecs.harvard.edu/cgi-bin/desc.pl?q=peertechdata
[Linux i686]


> Does Tor have any [<unknown vulnerabilities>]? ...

like any network software there are a number of things you can do to
address security concerns.  Tor has a good security record, but
certainly isn't perfect.  you might check
http://wiki.noreply.org/noreply/OperationalSecurity for details but
you appear to be familiar with the usual tricks.


> I could put Tor on an individual client rather than the firewall. Then I
> have to set up Tor on each client I might want to use.

i like this approach, with the client serving VPN connections (PPTP,
OpenVPN) that force a default route through it and Tor for any users
on the same internal network.  it does not make much sense to run a
server and lots of clients behind the same IP if you can just share
use of the server.

when a user wants to be anonymous, they activate the privacy vpn, and
no IP leakage (even javascript, flash, etc) occurs.  when they are
finished, just disconnect.

see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy
for more info.

you could even use a virtual machine for the tor server.  there is
some rough detail to do this with janusvm in the "Alternative
Solutions" mentioned here:
http://wiki.noreply.org/noreply/TheOnionRouter/WindowsBufferProblems


> ...
> TOR as a server runs on hundreds, rather than tens of thousands to
> millions of computers, so it is not likely to have (yet) attracted much
> malicious scrutiny. Once a single malicious attacker decides to focus on
> Tor, he can get the source code to help him, but the Tor community does
> not have the resources to find a quick solution, the way the large open
> source communities do.

this feels like a straw man.  there are valid security bones to pick
with Tor but capable and motivated developers are behind it.  would
more support / community be helpful?  absolutely.  but size alone is
less useful a metric than you think...

one last comment:
an additional reason to run a server which i haven't seen listed in
this thread is hidden services.  while not a compelling feature, they
are useful for some purposes.

best regards,
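
The VPN-gateway arrangement described in the reply above, as an added example that is not part of the original message or of the Tor project's documentation. It prints (does not apply) fail-closed rules for a Linux gateway, assuming a present-day Tor with the `TransPort` and `DNSPort` options; the interface name, gateway address and port numbers are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values, none of them from the original message:
VPN_IF=tun0          # interface the VPN clients arrive on
GW_ADDR=10.8.0.1     # gateway's own address on that interface
TRANS_PORT=9040      # Tor TransPort (transparent TCP proxy)
DNS_PORT=5353        # Tor DNSPort (resolves names through Tor)

# torrc lines for the Tor instance running on the gateway.
torrc_fragment() {
  cat <<EOF
TransPort $GW_ADDR:$TRANS_PORT
DNSPort $GW_ADDR:$DNS_PORT
EOF
}

# Rules are printed, not applied, so they can be reviewed first.
# TCP and DNS from VPN clients are redirected into Tor; everything else
# (other UDP, ICMP) is dropped instead of being routed out directly.
gateway_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -i $VPN_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $VPN_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A INPUT -i $VPN_IF -p udp --dport $DNS_PORT -j ACCEPT
iptables -A INPUT -i $VPN_IF -p tcp --dport $TRANS_PORT -j ACCEPT
iptables -A INPUT -i $VPN_IF -j DROP
iptables -A FORWARD -i $VPN_IF -j DROP
EOF
}

# Reads a ruleset on stdin; succeeds only if it is fail-closed for VPN_IF.
leak_check() {
  rules=$(cat)
  for need in "PREROUTING -i $VPN_IF -p tcp --syn -j REDIRECT" \
              "PREROUTING -i $VPN_IF -p udp --dport 53 -j REDIRECT" \
              "FORWARD -i $VPN_IF -j DROP"; do
    case "$rules" in
      *"$need"*) ;;
      *) echo "missing: $need" >&2; return 1 ;;
    esac
  done
}

torrc_fragment
gateway_rules
```

The `FORWARD ... DROP` rule is what keeps non-TCP traffic from a browser plugin from leaving with the client's real route; `leak_check` fails on any ruleset that omits it.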


