Question about the vulnerability

Freemor freemor at yahoo.ca
Sat Aug 11 22:13:12 UTC 2007


On Sat, 2007-11-08 at 15:33 -0400, nobledark at hushmail.com wrote:
> Roger, thank you for your response - I did follow that thread when 
> it came out and upgraded my systems. The question I have is not 
> really about the vulnerability but more of a general operational 
> one - in what situations is the control port actually used? If I am 
> not running a Tor server but using Tor in client mode, does the 
> Control Port get used? What is it used for? 

The control port is used to let you, another program, another computer,
control/communicate with TOR. If you just install tor as a client and
don't mess about with the config file the control port should be closed
by default. if you install a tor/Vidalia bundle the control port will
need to be open so Vidalia can control/communicate with TOR Same would
go for if you were using TorK, if your TOR is on a net appliance and
configured to be controlled/communicate with Vidalia/TorK/etc on another
machine.

Privoxy doesn't fall into this discussion as it just shuttles data
through tor rather then communicating with TOR

you can read more on the control port at:
http://tor.eff.org/tor-manual.html.en

and 

http://tor.eff.org/svn/trunk/doc/spec/control-spec.txt

long story short... if you are using a GUI for tor the control port is
most likely open.



Freemor <freemor at yahoo.ca>
Freemor <freemor at rogers.com>

This e-mail has been digitally signed with GnuPG

See: http://gnupg.org/ for more details


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070811/aa51e6a8/attachment.pgp>


More information about the tor-talk mailing list