Security concerns/help me understand tor
Kyle Williams
kyle.kwilliams at gmail.com
Fri Nov 9 00:02:50 UTC 2007
On Nov 8, 2007 4:00 PM, Jefferson Iblis <fleshheap at gmail.com> wrote:
> On Nov 8, 2007 11:29 PM, Kyle Williams <kyle.kwilliams at gmail.com> wrote:
> >
> >
> > If you want to run a hidden server, such as a web site over a .onion
> > address, then that's fine.
> > If your router is disallowing people to access the admin webpage
> interface
> > from the Internet, that's probably a good thing.
> > But if running a Tor exit node opens up that admin webpage to the rest
> of
> > the Tor network, that's not good. At that point, anyone could
> anonymously
> > try and hack your router. God help you if they do get in, then your
> really
> > in trouble.
> >
> > There is no point in redirecting that type of request, it needs to be
> > rejected.
> > ....Maybe replying with a "bad hacker, not root for you!" webpage would
> be
> > funny though.
> >
>
> Seems the simplest solution would be to, by default, disallow Tor from
> accessing the local network, including what it discovers to be its
> externally accessible IP. Then anyone who wants to allow local access
> can explicitly turn on whatever they think is appropriate.
>
Exactly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20071108/3c7fa964/attachment.htm>
More information about the tor-talk
mailing list