OnionCat -- An IP-Transparent TOR Hidden Service Connector

7v5w7go9ub0o 7v5w7go9ub0o at gmail.com
Wed Jun 25 23:59:31 UTC 2008


F. Fox wrote:
> 7v5w7go9ub0o wrote:
> (snip)
>> 1. Connecting via TOR would be an extra, minor security option to
>> conceal the fact that my home is running a VNC server - eavesdropping
>> kids at the hotspot may try to make it a hacking "prize".
> 
> You should know that VNC is considered an insecure protocol; the wise
> thing to do, is to allow it only to run over a secure tunneling protocol
> (e.g., SSH, or a VPN program).

Thanks.... Good point.

My present setup (MX) uses SSH to connect client to host; it tunnels its
mx protocol within SSH.

(FWIW, because some hotspots limit one to 80/443, my host has sshd
listening on 443, and I connect encrypted to it. (I presume that only
the most sophisticated DPI could discern that I'm using SSH instead of
HTTPS :-) ))

> 
> This is not only because many variations of VNC don't provide their own
> encryption (remember, exit nodes can sniff - and they can see WAY too
> much if you're using plain VNC!), but also because such a protocol would
> strengthen the authentication required to get in.

This actually creates another question (not to be argumentative :-) ).

Given that there is no exit node, would an OnionCat to OnionCat
connection over TOR need to be encrypted? Is it plain-text anywhere
along the line?

(This would be a consideration: given SSH is TCP and TOR is TCP, and I
might get the TCP over TCP tunnel ("TCP meltdown") timing conflict, it
might be good to send the MX/VNC protocol unencrypted.)


Thanks in Advance


