Security concerns/help me understand tor
fleshheap at gmail.com
Fri Nov 9 00:00:16 UTC 2007
On Nov 8, 2007 11:29 PM, Kyle Williams <kyle.kwilliams at gmail.com> wrote:
> If you want to run a hidden server, such as a web site over a .onion
> address, then that's fine.
> If your router is disallowing people to access the admin webpage interface
> from the Internet, that's probably a good thing.
> But if running a Tor exit node opens up that admin webpage to the rest of
> the Tor network, that's not good. At that point, anyone could anonymously
> try and hack your router. God help you if they do get in, then your really
> in trouble.
> There is no point in redirecting that type of request, it needs to be
> ....Maybe replying with a "bad hacker, not root for you!" webpage would be
> funny though.
Seems the simplest solution would be to, by default, disallow Tor from
accessing the local network, including what it discovers to be its
externally accessible IP. Then anyone who wants to allow local access
can explicitly turn on whatever they think is appropriate.
More information about the tor-talk