Thanks for the response. SOCKS 5 insecurity: If you use username/password authentication (as Tor does), the username and password are sent in the clear. That's one reason not to open the SOCKS 5 port to the world. Another reason might be that a user is unable to modify proxy settings, e.g. in an Internet cafe.
I've never used GSSAPI authentication, but my understanding is that SOCKS 5 is secure if you use it. Corrections always welcome. Cheers, James On Wed, Dec 4, 2013 at 11:40 AM, Roman Mamedov <r...@romanrm.net> wrote: > On Wed, 4 Dec 2013 10:57:36 -0800 > James Marshall <ja...@jmarshall.com> wrote: > > > SOCKS 5 is insecure if the client and server are on different hosts and > > What exactly that insecurity consists of? > > If your aim is to open an client-less "in-proxy" to Tor network for anyone > to > use, then you might just as well open your SOCKS 5 port to the world. > > AFAIK any insecurity in SOCKS is related only to authentication, i.e. > unauthorized users may be able to connect to your SOCKS proxy. But that's > not > an issue if you open it to anyone "by design" anyway. > > -- > With respect, > Roman > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk