-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Depends really....
If you want to just be a relay, the issues are "less" dangerous. However, you wouldn't run this on a network with sensitive stuff.....would you? Really in this mode you are just a relay/router on the Tor network and you pass traffic along to the next Tor relay. You might have issues if you want to be an exit node. This mean you are an exit point out of the Tor network, meaning your IP shows up in logs.... Traffic can be the exit point for traffic of good people trying to gain anonymity. It can also be used by bad people trying to use the same anonymity for attacking other systems/etc. You can control the exit policies though to limit the type of traffic that can exit. You can also act as a "bridge" provider of sorts. For those Tor clients that can't reach the Tor network directly and pull the core nodes, you can provide a list of those nodes to them. You have to let traffic directly to your Tor bridge service though, so you'll open up a port for that. This could attacked directly. Another dangerous function of Tor is the capability of setting up Tor services. Essentially you can have a service available "anonymously" on the Tor network. This is really scary...considering you could have a service (SSH, FTP, etc..) tunneled right into your network. The person connecting externally would of course be anonymous too. They could then attack the "service" you are providing...like a vulnerable FTP server or attack accounts on SSH with weak passwords for example. If you are controlling your instance, you have to set up the Tor services manually, so accidental Tor services configurations should be easy to avoid. Like any service you run on a system whether Windows or *nix, it would be a good idea to harden the system. Just run the relay on a separate system and only run the relay on it. - -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Wednesday, January 12, 2011 11:28 AM To: [email protected] Subject: Tor Hello Everyone, What are the security implications of running a Tor relay on a machine behind a firewall? Is there a high probability of it being hacked somehow, and what does one do to prevent that? Thank you in advance for your time and advice. mailto:[email protected] -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.1.0 (Build 860) Charset: us-ascii wsBVAwUBTS53zN5H296l0vm5AQhcHwf9HkrkM/lh46pAoZig/6XMjLG8ayMMkx2I 11OihNL0vil06mizFF+5AL00k3tOm40rkVKQwFoCF4uP2XkTwQFL1AgOM66AB0bB B9AAtLc5JZChGPPNmH5Gw4+TstpagvyCy3bcbJDLOWkQY7nD/K7Hb+HQxgvi8mrp 53HSZN2q45FwVMwSoIAxJWxYE673N8CpXpTqcMoAx4dFqIi6+1jsVLqTNCDLYwHh WMpmAEJE/M1fm3v7V8VDOrF4cNpKNyCNz809e3mXgcXo0eScDcPNYhTvqUSM1jPZ zqcbgm4gxFSWwHZVGlxO8AGYMO4WAntC87bRK2xtb2fqtPs/z6Gk4g== =Vp/O -----END PGP SIGNATURE-----
