[tor-talk] allowing access to LAN IPs

sajolida sajolida at pimienta.org
Sat Nov 5 14:58:49 UTC 2011


Hi everybody,

It's my first post here, I'm part of the team developing Tails.

In the context of the development of Tails we want Firefox to allow
connecting to webservers on LAN (RFC-1918) IPs. For example, some users
might want to use an Etherpad installation on the local network before
publishing their text on a blog.

To access those resources, the user would have to type the IP of the
local server in the location bar, and not its hostname, in order to
bypass Tor DNS.

Our initial plan is just to use FoxyProxy rules to grant direct access
(without proxy) to LAN IPs.

With this setup, we couldn't think of an attack that would be made
possible by allowing this only: if an attacker in control of both local
and online resources tries to de-anonymize a local user accessing online
resources, this user could be de-anonymized anyway by other means; we
believe this is true by design with Tor.

If such an attack is still possible we also thought about modifying
Torbutton to treat LAN IPs as 'local' and not 'online', just as it does
for URLs such as 'file:///'.

What do you think of this idea?
Can you think about possible attacks that would defeat our plan?

-- 
sajolida
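The routing rule described in the message above (direct access only when the location bar holds a literal RFC 1918 address, everything else through Tor), sketched as a PAC-style function. This is an added example, not code from the post, Tails or FoxyProxy; the function names and the Tor SOCKS address 127.0.0.1:9050 are assumptions.

```javascript
// Added illustration (not Tails or FoxyProxy code): a PAC-style routing decision.
// Assumption: Tor's SOCKS listener is at 127.0.0.1:9050.
const TOR = "SOCKS5 127.0.0.1:9050";

// Parse a strict dotted-quad: four decimal octets, no leading zeros, no hex,
// no single-integer forms. Anything else is treated as a hostname.
function parseStrictIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  const octets = [];
  for (const p of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(p)) return null;
    const n = Number(p);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// True only for the three RFC 1918 blocks: 10/8, 172.16/12, 192.168/16.
function isRfc1918(o) {
  return o[0] === 10 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168);
}

// Decide from the literal host string only; never resolve a name here,
// so a hostname that maps to a LAN address still goes through Tor.
function findProxyForURL(url, host) {
  const octets = parseStrictIPv4(host);
  if (octets !== null && isRfc1918(octets)) return "DIRECT";
  return TOR;
}

// Constructed sample hosts, printed with the route each one gets.
const samples = ["192.168.1.20", "10.0.0.5", "172.16.4.1", "172.32.0.1",
  "etherpad.lan", "3232235796", "0300.0250.01.024", "192.168.1.20.example.com"];
for (const h of samples) {
  console.log(h.padEnd(28), findProxyForURL("http://" + h + "/", h));
}
```

Only the first three sample hosts are routed directly; names and non-canonical numeric spellings fall through to Tor, which keeps the direct-access rule limited to what the user explicitly typed as a LAN IP.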

