[tor-dev] Is anyone using tor-fw-helper? (Was Re: BOINC-based Tor wrapper)

l.m ter.one.leeboi at hush.com
Thu Jul 23 18:37:29 UTC 2015


It's probably for the best. The implementation of upnp and nat-pmp is
frequently done incorrectly. Many implementations simply break the fw
security or leak identifying information by enabling the feature. I
once saw a case which opened port 0 everytime upnp was used. Not
closed, or stealth, but open. Encouraging running a relay is all good,
but doing it and not being able to account for implementations which
introduce security problems is risky.

--leeroy

On 7/23/2015 at 2:26 PM, "Jacob Appelbaum"  wrote:>> Also - does this
mean that after many many years... that this new
>> version of tor-fw-helper be enabled by default at build time?
Pretty
>> please? :-)
>
> Unlikely, AFAIK the general plan was to have it as a separate
package.
>

That is really a major bummer if so - we should be shipping this code
and enabling it by default. If a user wants to run a relay, they
should only have to express that intent with a single button.

All the best,
Jake
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150723/40f4badd/attachment-0001.html>


More information about the tor-dev mailing list