Security concerns/help me understand tor

Jacob Appelbaum jacob at appelbaum.net
Fri Nov 9 01:42:28 UTC 2007


Kyle Williams wrote:
> On Nov 8, 2007 3:54 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> 
>> Kyle Williams wrote:
>>>>> (This requires some changes to the torrc and tor
>>>>> source, so I'd like to add it to the feature
>>>>> request list in case somebody has free time)
>>> That would be a hidden service.  Tor already does that.
>>> What we are talking about is secure defaults for exit nodes.
>>>
>>> That's a horrible idea.  You do NOT want everyone to be able to
>> anonymously
>>> fuck with your router's admin page.
>>> You don't need to redirect that specific request either.  It needs to be
>>> dropped.  If you want to offer up a website, then use the hidden service
>>> feature of Tor.
>>>
>> I agree that you don't want someone to mess with my admin page. I don't
>> have an admin page, I have a service.
>>
>> I think that it's a feature that in your presented case has an
>> unintended consequence. It's not as useless as you think. Furthermore,
>> it's *not* a hidden service. Hidden services are often slower than any
>> other Tor network function. You could *also* use a hidden service if you
>> wanted but that's not the same thing.
>>
>> Something useful you could do with the exit enclave:
>> Run a mixmaster server
>> Run Tor with the ability to exit to your mixmaster server
>> Now all people who can use Tor could use mixmaster, even if mixmaster
>> was blocked and without exiting through a node you don't trust.
>>
>>
>> ( Yes, I realize you could possibly exit and use the mixmaster network
>> without this setup. And yes I realize that mixmaster is able to be
>> observed without worry, I think this setup is useful anyway. )
>>
>>> If you want to run a hidden server, such as a web site over a .onion
>>> address, then that's fine.
>>> If your router is disallowing people to access the admin webpage
>> interface
>>> from the Internet, that's probably a good thing.
>>> But if running a Tor exit node opens up that admin webpage to the rest
>> of
>>> the Tor network, that's not good.  At that point, anyone could
>> anonymously
>>> try and hack your router.  God help you if they do get in, then your
>> really
>>> in trouble.
>> Exit enclaves aren't .onions. They're two different things. They're also
>> used differently and with different threat models. Furthermore, one is
>> very reliable and the other isn't always so reliable at times. It's also
>> a known and documented issue.
>>

You forgot to address the above comments that you quoted. It has
relevance to the next question you did address.

>> Do you also think Tor should automatically block access to all RFC 1918
>> address space unless otherwise enabled? Why should Tor be so automatic
>> about your specific preferences?
>>
> 
> How about you not restrict all  the RFC 1918 address spaces in your network,
> tell which exit node you run, and let me have some fun playing inside your
> network anonymously.
> 

I think that's the case right now. Perhaps you could share some of your
finding to help people understand your concerns?

Regards,
Jacob



More information about the tor-talk mailing list