Hi, I have a concern that running tor may in some cases provide a security breach allowing unexpected access to the inside of certain networks that are behind firewalls. In particular, I am concerned with what I assume is a fairly common design for home routers. This scenario may well illustrate how little I understand about tor; if so, could someone please set me straight. :)

My home router offers an http administration console on port 80 which for obvious security reasons is normally only accessible from the internal facing side of the router. While many of these home routers typically have an internal private IP such as 192.168.1.1 and an external public IP, they sometimes respond to both IPs from the inside and sometimes they even allow access to the administration console on the external IP if it is accessed from the internal side of the router (mine does). This would not normally be a problem, but add a tor exit server to the inside of a home network serviced by such a router and... you can probably guess where I am going with this.

Suppose that Bob hosts a tor exit server NATed behind one of these routers and perhaps he even hosts a public facing website NATed to this router since it is behind his router/firewall. If Alice decides to check out Bob's website using tor she may suddenly be given the opportunity to test her ethical disposition for being an attacker by unexpectedly being presented with the login screen to Bob's router admin console! This, of course, should only happen if Alice's tor client chooses Bob's tor server as the exit node. But, if I understand the tor documentation correctly, this would in fact be the preferred way for tor clients to access Bob's website since they should be able to detect that Bob's website and his tor exit server are in fact both (NATed to) the same public IP!!!!

If I am correct about this possibility, and without arguing the virtues of whether these routers are doing the right thing by providing access to the admin console from the external IP from their inward facing interface, I think that tor relay providers should be strongly warned about this possibility in the tor documentation!

I am not sure that there is a good default (out of the box) way to prevent this from happening with tor, but I suspect that if Bob sets an exit policy explicitly rejecting his own IP that he would be safe from this sort of compromise?

And to add a tiny bit of credibility to this theory: I believe that I experienced accessing my own router this way through tor last night after running my server for about an hour. But, I could not reproduce it today and I am unwilling to try this for very long since I do not want to be so exposed.

All this leads to another question I have about tor which will probably really show how ignorant I am. What prevents tor exit nodes from spoofing any IP that they want and easily setting up phishing attacks?? After all, they are now potentially acting as routers for anyone trusting enough to use tor, can't they decide where to send their exit streams and spoof any public IP?

A new excited but confused/concerned tor user, ;)

Thanks,

-Martin
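
An added example, not part of the original message: a small audit of the explicit-reject exit policy suggested above, checking whether a relay's own public IP and the router's LAN address would still be reachable on port 80. It assumes first-match-wins `accept|reject ADDR[/MASK]:PORT` rules (IPv4 only); the public IP `203.0.113.7`, the sample policies and all function names are constructed for illustration.

```python
import ipaddress

def parse_policy(text):
    """Parse one 'accept|reject ADDR[/MASK]:PORT' rule per line (IPv4 only)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        action, pattern = line.split()
        addr, port = pattern.rsplit(":", 1)
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        # "*" means every port; "80" becomes 80-80; "80-443" stays a range.
        lo, hi = (1, 65535) if port == "*" else map(int, (port.split("-") * 2)[:2])
        rules.append((action, net, lo, hi))
    return rules

def allows(rules, ip, port):
    """First matching rule decides, so a reject must precede any broader accept."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if ip in net and lo <= port <= hi:
            return action == "accept"
    return True  # assumption for auditing: an unmatched destination counts as exposed

def exposed_targets(policy_text, targets, port=80):
    """Return the addresses an exit stream could still reach on the given port."""
    rules = parse_policy(policy_text)
    return [t for t in targets if allows(rules, t, port)]

PUBLIC_IP = "203.0.113.7"   # constructed placeholder for Bob's public address
ROUTER_LAN = "192.168.1.1"  # internal router address used in the message

# Constructed policies: web-only exit without and with the self-reject rules.
WEAK = "accept *:80\naccept *:443\nreject *:*"
HARDENED = ("reject 203.0.113.7:*\nreject 192.168.0.0/16:*\n"
            "accept *:80\naccept *:443\nreject *:*")
# The reject exists but comes after the accept, so it never takes effect.
MISORDERED = "accept *:80\nreject 203.0.113.7:*\nreject *:*"

if __name__ == "__main__":
    for name, policy in [("weak", WEAK), ("hardened", HARDENED), ("misordered", MISORDERED)]:
        print(name, exposed_targets(policy, [PUBLIC_IP, ROUTER_LAN]))
```

The misordered case shows why rule order matters: a reject for the relay's own address placed after `accept *:80` leaves the admin console reachable.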