Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks.
On 9/25/2013 11:10 AM, Joe wrote:
Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have found an indirect risk that all computers sharing the relay's IP address will probably be blacklisted from some commercial websites, regardless of whether the relay is an exit relay or not. I cannot access Ancestry.com from any computer in my house.
David C
David Carlson:
On 9/25/2013 11:10 AM, Joe wrote:
Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have found an indirect risk that all computers sharing the relay's IP address will probably be blacklisted from some commercial websites, regardless of whether the relay is an exit relay or not. I cannot access Ancestry.com from any computer in my house.
David C _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I've been running a middle relay for years in my private net behind one adress. no problems there. You should just never run an exit relay there.
I'll have to reconsider, then. I assume middle relays see less traffic than exits? I also keep reading exits are desperately needed and i do have bandwidth to spare for an exit, about 10 mbit. I would also be running the exit through a VPN, so my own IP would not be published, and GUFW would block all outgoing traffic to LAN from the computer running the exit. All other ports would be blocked as well, and since it's routed through a VPN, i wouldn't even need to open any ports in my own hardware firewall, but at the VPN provider's end instead. I do have permission from the provider to run an exit.
Still, i'm now hesitant. Thanks for the replies.
26.9.2013 13:46, Martin Kepplinger wrote:
I've been running a middle relay for years in my private net behind one adress. no problems there. You should just never run an exit relay there.
On Thu, Sep 26, 2013 at 02:08:13PM +0300, Joe wrote:
I'll have to reconsider, then. I assume middle relays see less traffic than exits?
I don't think that's true, currently it seems we need more middle nodes than exit nodes based on my reading of the network statistics.
I also keep reading exits are desperately needed
Generally true, but non-exit (middle) nodes are also needed.
and i do have bandwidth to spare for an exit, about 10 mbit. I would also be running the exit through a VPN, so my own IP would not be published,
If you do this, I hope you can keep us updated here on the list with how well it's working! In theory a VPN should have some problems with Tor, but I'm very curious to see how well it actually works.
and GUFW would block all outgoing traffic to LAN from the computer running the exit. All other ports would be blocked as well, and since it's routed through a VPN, i wouldn't even need to open any ports in my own hardware firewall, but at the VPN provider's end instead. I do have permission from the provider to run an exit.
Still, i'm now hesitant. Thanks for the replies.
Given that you have permission from the provider, I don't see any reason not to run a middle or even an exit node. The network firewalling you've described should mitigate any risk internal to your network.
-andy
Why not?
-----Original Message----- From: martink@posteo.de Sent: Thu, 26 Sep 2013 10:46:54 +0000 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Relay security, re: local network
David Carlson:
On 9/25/2013 11:10 AM, Joe wrote:
Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have found an indirect risk that all computers sharing the relay's IP address will probably be blacklisted from some commercial websites, regardless of whether the relay is an exit relay or not. I cannot access Ancestry.com from any computer in my house.
David C _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I've been running a middle relay for years in my private net behind one adress. no problems there. You should just never run an exit relay there. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
____________________________________________________________ FREE ONLINE PHOTOSHARING - Share your photos online with your friends and family! Visit http://www.inbox.com/photosharing to find out more!
On Thu, Sep 26, 2013 at 12:04:13PM -0800, I wrote:
Why not?
I've been running a middle relay for years in my private net behind one adress. no problems there. You should just never run an exit relay there.
EFF recommends against it in their Legal FAQ: "Should I run an exit relay from my home?" https://www.torproject.org/eff/tor-legal-faq
Their recommendation comes from dealing with one too many distraught relay operators who had confused DEA agents show up at their house and take everything including their toaster "because it might be evidence".
In general we've been doing pretty well at teaching law enforcement in the US about how Tor works: https://blog.torproject.org/blog/trip-report-october-fbi-conference but a) there are many other countries out there, and b) all it takes is one guy who didn't read his "there's this thing called Tor" briefing, or didn't believe it, to ruin your day/week/month.
So, feel free to do it, but also be aware there's a tiny-but-hard-to-actually-estimate chance of getting to spend a lot of time teaching people about Tor.
Thanks! --Roger
That's well and good for ONE country.
Of the many other countries those which have not been proven to be nerve-racking for Tor exit donors would be better tested than declared inviable by people who don't actually know.
IMO
____________________________________________________________ FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop! Check it out at http://www.inbox.com/earth
On 26.9.2013 23:25, Roger Dingledine wrote:
EFF recommends against it in their Legal FAQ: "Should I run an exit relay from my home?" https://www.torproject.org/eff/tor-legal-faq
Their recommendation comes from dealing with one too many distraught relay operators who had confused DEA agents show up at their house and take everything including their toaster "because it might be evidence".
In general we've been doing pretty well at teaching law enforcement in the US about how Tor works: https://blog.torproject.org/blog/trip-report-october-fbi-conference but a) there are many other countries out there, and b) all it takes is one guy who didn't read his "there's this thing called Tor" briefing, or didn't believe it, to ruin your day/week/month.
So, feel free to do it, but also be aware there's a tiny-but-hard-to-actually-estimate chance of getting to spend a lot of time teaching people about Tor.
Thanks! --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
So exits are desperately needed, but not badly enough to recommend running them where it would be the most convenient to set up, easiest to troubleshoot and manage, and most cost-effective to run (my personal experience and opinion, may not reflect that of others)? Granted, many, if not most consumer connections are capped too low to be of much individual value in terms of output volume, but i recall reading somewhere on these mailing lists and/or the Tor Project FAQs about how important diversity is, as opposed to clustering most exits to a handful of physical locations with fat cables.
I don't mean to sound rude, i just hate the way the world works with these things. Don't we all?
Cook:
On 26.9.2013 23:25, Roger Dingledine wrote:
EFF recommends against it in their Legal FAQ: "Should I run an exit relay from my home?" https://www.torproject.org/eff/tor-legal-faq
Their recommendation comes from dealing with one too many distraught relay operators who had confused DEA agents show up at their house and take everything including their toaster "because it might be evidence".
In general we've been doing pretty well at teaching law enforcement in the US about how Tor works: https://blog.torproject.org/blog/trip-report-october-fbi-conference but a) there are many other countries out there, and b) all it takes is one guy who didn't read his "there's this thing called Tor" briefing, or didn't believe it, to ruin your day/week/month.
So, feel free to do it, but also be aware there's a tiny-but-hard-to-actually-estimate chance of getting to spend a lot of time teaching people about Tor.
Thanks! --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
So exits are desperately needed, but not badly enough to recommend running them where it would be the most convenient to set up, easiest to troubleshoot and manage, and most cost-effective to run (my personal experience and opinion, may not reflect that of others)? Granted, many, if not most consumer connections are capped too low to be of much individual value in terms of output volume, but i recall reading somewhere on these mailing lists and/or the Tor Project FAQs about how important diversity is, as opposed to clustering most exits to a handful of physical locations with fat cables.
I don't mean to sound rude, i just hate the way the world works with these things. Don't we all? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Well yes. The thing is, even if you wouldn't have legal issues (which is also not garanteed when you run an exit that shares it's IP with real laptops and PCs people use), you would be annoyed and create a hard time for those laptops and PCs in that network. Webservices will at some point block your IP and even if it's temporarily, if it's the one service you need _now_ you regret running that exit node.
You won't have any such problem running a middle relay. And it helps as well. And you'll get the traffic you set in your torrc over time.
Running an exit is not hard. Just make sure it's the only machine behind a (real) IP. Rent a vserver with root access for about 10 bucks a month, you wont even need a machine yourself. Or find some "housing" service where you can put your own little machine that get's its own IP. And keep the installation simple. Run tor only. And read the 2 or 3 pages on the website on running an exit.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/27/2013 05:29 AM, Martin Kepplinger wrote:
a (real) IP. Rent a vserver with root access for about 10 bucks a month, you wont even need a machine yourself. Or find some "housing" service where you can put your own little machine that get's its own IP. And keep the installation simple. Run tor only. And read the 2 or 3 pages on
That reminds me of a question I've been meaning to ask lately...
Has anyone tried running Tor on top of OSv (http://osv.io/)?
As I understand it, OSv is an ultra-small OS which is Linux API-compatible and designed for running a single app only atop a virtualization stack. For example, it should, in theory, be possible to run the Tor daemon within a copy of OSv, that would be the only application running inside of that VM, and it should be running like greased lightning because it would be the only process running in that VM.
Granted, it is fairly new so I do not believe anyone has done any serious security analysis of OSv, but it seems like it would be an ideal candidate for a very high performance Tor node.
- -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/
"Look up! The stars aren't going to come out tonight!" --Doktor Sleepless
On 01/10/2013 03:34, The Doctor wrote:
That reminds me of a question I've been meaning to ask lately...
Has anyone tried running Tor on top of OSv (http://osv.io/)?
As I understand it, OSv is an ultra-small OS which is Linux API-compatible and designed for running a single app only atop a virtualization stack. For example, it should, in theory, be possible to run the Tor daemon within a copy of OSv, that would be the only application running inside of that VM, and it should be running like greased lightning because it would be the only process running in that VM.
First, I see no figures about the alleged performance of OSv. Secondly, I suspect that the kernel overhead, on a reasonable Tor node, is negligible when compared to book-keeping, crypto operations and so on. However, I'm also curious, so tell us if you try it :-)
Running a tor relay will increase your attack surface vis-a-vis the internet in the same way that running any other internet-facing service that could be owned (via, say, a buffer overflow) would.
In general, it is also common that once somebody has taken over a machine inside your internal network, it is much easier for them to attack the rest of your internal network.
There are probably no known exploits for the latest stable version of tor. If an attack surfaces, you will see an announcement on tor-announce. (the last security announcement was in august: https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html)
There are a few things you can do about this, like putting your tor relay into a DMZ so it can not talk to the rest of your internal network - the same as for any other internet-facing service you run. I'm not a networking expert, so I can't give you specific instructions for that - I hope someone who does will chime in.
Best Luke
2013/9/25 Joe yesman@riseup.net:
Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 2013-09-25 at 19:10 +0300, Joe wrote:
Hi,
I'm planning to run a Tor relay on a spare computer at home. Security is a concern, and not only regarding the machine running the relay but also my other computers. Are there any (theoretical or otherwise) known attacks a person can perform on a running Tor relay to take remote control of it, and assuming the said person could pull that off, is it possible to extend this control to the other computers behind the same router? I am aware of possible DDOS attacks and other risks related to running an exit, but i am comfortable in taking these chances in my environment.
I would run the relay on a yet-undecided-Linux distro, possibly Mint Debian or some flavor of Ubuntu which i am more familiar with, and use full-disk encryption with strong passwords. Are there any risks to my other computers worth consideration?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hello Joe!
No absolute security exists, running Tor or not. Every software has undiscovered bugs and is theoretically exploitable. Since we migrated from assembly to higher level languages (and possibly before) we hid the cpu logic and added many layers of code which is run without the knowledge of programmers. There is no way to assert the negative: "there's no theoretical way of exploiting tor". The one who says that is only telling of his own ignorance.
Despite this, you should understand what tor does to at least prepare for Tor related attacks. Tor redirects other tor users network communications through your machine using standard TCP/IP. So one thing you should do is to have firewall enabled with appropriate rules. Everything closed except for open tor ports. You may also run tor on it's own network interface. You may run tor on non-standard ports to avoid tor related scanning. If this machine is behind a router/gateway you could create a separate interface and isolate it from the rest of LAN. If you are using debian, "harden" is a package I recommend you to install. Use mutt to check for mail on system logs. Set some kind of automated backup (rsync, duplicity) of /var at least. You should also configure firewall on the remaining machines.
If you need further help, ask here. But be sure to at least RTFM before.
C u
tor-relays@lists.torproject.org
-
Andy Isaacson -
Cook -
David Carlson -
I -
Joe -
Lukas Erlacher -
Luther Blissett -
Martin Kepplinger -
Nicolas Braud-Santoni -
Roger Dingledine -
The Doctor