[tor-talk] corridor, a Tor traffic whitelisting gateway
Patrick Schleizer
patrick-mailinglists at whonix.org
Sat Jan 31 17:50:42 UTC 2015
Gavin Wahl:
>> I think the topic Bridge Firewall is also related here:
>>
> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/BridgeFirewall
>
>
>>
>> (The topic didn't move there yet, but it's all very similar ideas
>> we're discussing here.)
>
> Isn't corridor exactly what that article is describing?
Corridor also supports connecting to normal Tor relays (not bridges) only.
> It seems like it's also vulnerable to the 'Severe issue' in the
> article -- a compromised tor host behind corridor can get its public
> IP address with the 'getinfo address' Tor control protocol command
> and deanonymize.
Quote
https://github.com/rustybird/corridor/#pitfalls
>
>
> corridor cannot prevent malware on a client computer from directly
> contacting a colluding relay to find out your clearnet IP address.
> The part of your client system that can open outside TCP connections
> must be in a trustworthy state! (Whonix and Qubes-TorVM are
> well-designed in this respect.) Discussion:
>
> https://lists.torproject.org/pipermail/tor-talk/2014-February/032153.html
>
>
https://lists.torproject.org/pipermail/tor-talk/2014-February/032163.html
>
> Whonix includes this in its threat model -- you should be able to
> run arbitrary/compromised code behind the tor gateway and be safe.
Yes.
> Can corridor do anything about it?
I don't think so, but happy to be proven wrong.
You might be interested in this comparison, that includes corridor:
https://www.whonix.org/wiki/Comparison_with_Others
Full disclosure:
I am a maintainer of Whonix.
Cheers,
Patrick
More information about the tor-talk
mailing list