[tor-bugs] #17451 [Tor]: Tor controller [ControlPort] - bruteforce defence measures & detailed logging when listening non-locally
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 29 20:10:25 UTC 2015
#17451: Tor controller [ControlPort] - bruteforce defence measures & detailed
logging when listening non-locally
-------------------------+----------------------------------
Reporter: programings | Owner:
Type: enhancement | Status: new
Priority: Very Low | Milestone: Tor: unspecified
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: lorax | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+----------------------------------
Changes (by yawning):
* keywords: => lorax
* priority: Medium => Very Low
* milestone: => Tor: unspecified
Comment:
This is the least of the things that makes it an utterly terrible idea to
expose the control port to anything that vaguely resembles the public
internet. If someone writes a clean patch for it, I wouldn't be massively
against having a config option, because defense in depth is nifty, but
even after the patch, a remotely accessible control port would still be a
terrible idea.
Triaging as appropriate.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17451#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list