privoxy (was Re: ipv6)

Patrick McFarland diablod3 at gmail.com
Mon Aug 9 14:54:39 UTC 2004


On Mon, 9 Aug 2004 16:29:34 +0200, Eugen Leitl <eugen at leitl.org> wrote:
> Anonymizing proxies are largely useless, if Mallory sees the last leg to the journey
> (browser<-->proxy).

Yeah. Thats why you need to run your own privoxy and tor, so that you
control the machine that is the last leg. (This is why I'm not too
much of a fan of an outside proxy, you can still be tracked to your
box by the owner of the proxy. Do a little man in the middle attack
and someone inbetween can insert their own proxy and others can watch
your traffic too.)
 
> > The only thing you now have a problem with is a dos attack against
> > your own box: if someone floods your box with connections to the
> > proxy, it will chew cpu and memory like mad. (Im assuming a tor flood
> > wouldn't be as bad)
> 
> It's largely a hypothetical threat, I hope (everybody: please don't feel
> compelled to prove me wrong, if you're reading it).

I don't believe in the hypotheticalness of a threat. If it can be
exploited even a tiny little bit, then it's an issue.

-- 
Patrick "Diablo-D3" McFarland || diablod3 at gmail.com
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd 
all be running around in darkened rooms, munching magic pills and listening to
repetitive electronic music." -- Kristian Wilson, Nintendo, Inc, 1989



More information about the tor-dev mailing list