Security concerns/help me understand tor
Jacob Appelbaum
jacob at appelbaum.net
Thu Nov 8 08:57:53 UTC 2007
Kyle Williams wrote:
> I don't want to post all the results of my research, for fear that truly
> evil Torrorist would go crazy with this. Let's just say that this could be
> very, very bad. Trust me, Roger, this isn't something that should be taken
> lightly. The moment Tor knows it's own external IP, and is operating as an
> exit node, it should (in code) automatically disallow connections to it's
> own external IP. Unless someone has a really good reason why you would need
> access to your external IP address from inside your LAN.
>
I run a few services on the net. I like the idea that if I run a Tor
server on the same machine (on the same interface, with the same IP) as
my service, people using Tor will prefer my node as their exit node.
This allows me to provide services indirectly to the Tor network without
very much effort. Smart routing is neato. This is a feature and a pretty
neat one at that.
> BTW, I tried the 'responsible discloser' once already in IRC, remember
> Roger?
> So I don't feel bad one bit for talking about this with others.
> At least I included a temporary solution to the problem.
>
I didn't know about your IRC discussion however, I think you should
disclose the results of your research to tor-assistants at torproject.org.
I'm sure it would be appreciated and everyone would be keen to hear more
about it.
Regards,
jacob
More information about the tor-talk
mailing list