Running a tor relay will increase your attack surface vis-a-vis the internet in the same way that running any other internet-facing service that could be owned (via, say, a buffer overflow) would.
In general, it is also common that once somebody has taken over a machine inside your internal network, it is much easier for them to attack the rest of your internal network.
There are probably no known exploits for the latest stable version of tor. If an attack surfaces, you will see an announcement on tor-announce. (the last security announcement was in august: https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html)
There are a few things you can do about this, like putting your tor relay into a DMZ so it can not talk to the rest of your internal network - the same as for any other internet-facing service you run. I'm not a networking expert, so I can't give you specific instructions for that - I hope someone who does will chime in.
Best Luke
2013/9/25 Joe yesman@riseup.net:
Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays