Security concerns/help me understand tor

Kyle Williams kyle.kwilliams at gmail.com
Thu Nov 8 23:29:47 UTC 2007


On Nov 8, 2007 8:53 AM, Martin Fick <mogulguy at yahoo.com> wrote:

> On Wed, Nov 07, 2007 at 08:20:37AM -0800, Martin
> Fick wrote:
> > My home router offers an http administration
> > console on port 80 which for obvious security
> > reasons is normally only accessible from the
> > internal facing side of the router.  While
> > many of these home routers typically have an
> > internal private IP such as 192.168.1.1 and
> > an external public IP, they sometimes respond
> > to both IPs from the inside and sometimes they
> > even allow access to the administration console
> > on the external IP if it is accessed from the
> > internal side of the router (mine does).  This
> > would not normally be a problem, but add a tor
> > exit server to the inside of a home network
> > serviced by such a router and ...you can
> > probably guess where I am going with this.
>
> ...
> --- Kyle Williams <kyle.kwilliams at gmail.com> wrote:
> >
> > If anyone is concerned about this, and you should
> > be add the following to your torrc.
> >
> > ExitPolicy reject <YOUR_EXTERNAL_IP>:*
> >
> > Obviously replacing <YOUR_EXTERNAL_IP> with your
> > real IP address...not your internal (LAN) IP
> address.
>
> ...
> --- Jacob Appelbaum <jacob at appelbaum.net> wrote:
> >
> > I run a few services on the net. I like the idea
> > that if I run a Tor server on the same machine
> > (on the same interface, with the same IP) as
> > my service, people using Tor will prefer my node as
> > their exit node. This allows me to provide services
> > indirectly to the Tor network without very much
> > effort. Smart routing is neato. This is a
> > feature and a pretty neat one at that.
>
> ...
> --- Ruben Garcia <ruben at ugr.es> wrote:
> > Perhaps it might be possible to tell tor about the
> > router's nat policy so that if the router is
> > supposed to port forward the external request
> > to <ipA>:<portA>, tor does it itself.
> > That way, the problematic
> >
> > host->tor->tor->your host tor->router->your host web
> >
>

> > can become
> >
> > host->tor->tor->your host tor->your host web
> >
> > (This requires some changes to the torrc and tor
> > source, so I'd like to add it to the feature
> > request list in case somebody has free time)
>

That would be a hidden service.  Tor already does that.
What we are talking about is secure defaults for exit nodes.


>
> This seems like a nice valid option, spoofing
> the external IP from within the tor exit node?
> In other words if the web internal IP is say:
> 192.168.1.2, any request for the external
> IP through the tor exit would actually yield
> a request directly to the web server's internal
> IP, 192.168.1.2, instead?
>

That's a horrible idea.  You do NOT want everyone to be able to anonymously
fuck with your router's admin page.
You don't need to redirect that specific request either.  It needs to be
dropped.  If you want to offer up a website, then use the hidden service
feature of Tor.


> That sounds like a nice feature to be able to
> get the best of both worlds: 1) security for
> the relay operator and 2) for users accessing
> the NATed web site!


Yes, a hidden service will work behind a router (or NAT'd setup).


>
> Naturally this should be configurable for
> specific ports only.  Of course, adding an
> IP spoofing mechanism directly to tor exit
> nodes makes it that much easier for IPs in
> general to be spoofed by exit nodes! :(
>
>
> -Martin
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>


If you want to run a hidden server, such as a web site over a .onion
address, then that's fine.
If your router is disallowing people to access the admin webpage interface
from the Internet, that's probably a good thing.
But if running a Tor exit node opens up that admin webpage to the rest of
the Tor network, that's not good.  At that point, anyone could anonymously
try and hack your router.  God help you if they do get in, then your really
in trouble.

There is no point in redirecting that type of request, it needs to be
rejected.
....Maybe replying with a "bad hacker, not root for you!" webpage would be
funny though.


- Kyle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20071108/50fdd504/attachment.htm>


More information about the tor-talk mailing list