Torpark and security
ADB
firefox-gen at walala.org
Tue Feb 21 16:18:46 UTC 2006
Mike is right about SSL. I had the same worry back in the day because I
connect to my mailserver via SSL on port 995. My own research showed that,
indeed, the packets are properly obfuscated, even over standard SSL.
~Andrew
Michael Holstein wrote:
> As far as I can tell, the SSL stuff is wrapped in TLS before going
> over TOR, so no -- you wouldn't see the original IP (there are other
> ways, like with JavaScript or Flash, to get this information -- so
> hopefully you're running Firefox + NoScript + Flashblock at a minimum)
>
> As for getting the logs, there aren't any (unless you turn on
> debugging) -- and firewall logs (et al.) can be configured to ignore
> the TOR server.
>
> I am (for example) running syslog-ng on our firewall logs. My TOR
> server is 137.148.5.13, thus my syslog-ng filter entry for firewall
> stuff looks like this :
>
> filter f_firewall {
>     host(firewall)
>     and not match("137\\.148\\.5\\.13\\ Accessed\\ URL")
>     and not match("137\\.148\\.5\\.13\\/")
>     and not match("Accessed\\ URL\\ 137\\.148\\.5\\.13");
> };
>
> Therefore, nothing from the TOR box gets logged anywhere (this also
> omits directory requests inbound to the TOR server). Argus is
> similarly configured via a BPF expression.
>
> IMNAL, but I think that makes my traffic data pretty subpoena-proof,
> since I can honestly say under oath that it doesn't exist (albeit
> intentionally). There's no law that says I can't selectively ignore
> something in the logs -- provided I haven't already been told to do it
> (eg: such a configuration AFTER receiving a subpoena would be illegal).
>
> Cheers,
>
> Michael Holstein CISSP GCIA
> Cleveland State University
>
>
>
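
Added example, not part of the original message or the poster's configuration: a Python model of the quoted f_firewall filter, run over constructed log lines to show which messages it keeps out of the log. It assumes match() is an unanchored regex search over the message text; the sample messages, the neighbouring address 137.148.5.130 and the TIGHTENED pattern are assumptions made for illustration.

```python
import re

RELAY = r"137\.148\.5\.13"

# Exclusion patterns from the quoted filter, as regexes after syslog-ng
# string unescaping ("\\." in the config is the regex "\."; the escaped
# space and slash are written here as plain literals, which is equivalent).
ORIGINAL = [RELAY + r" Accessed URL", RELAY + r"/", r"Accessed URL " + RELAY]
# Assumed tightening (not from the post): the address must not be followed by
# another digit. Written without lookarounds so it stays POSIX ERE compatible.
TIGHTENED = ORIGINAL[:2] + [r"Accessed URL " + RELAY + r"([^0-9]|$)"]

# Constructed firewall messages; the format is a guess built around the
# "Accessed URL" and "address/port" strings the filter matches on.
SAMPLES = [
    "137.148.5.13 Accessed URL 192.0.2.80:/index.html",
    "Built inbound TCP connection for outside:198.51.100.7/40112 to inside:137.148.5.13/9001",
    "10.1.2.3 Accessed URL 137.148.5.13:/tor/status",
    "10.1.2.3 Accessed URL 137.148.5.130:/login",    # neighbouring host
    "10.1.2.3 Accessed URL 192.0.2.80:/index.html",  # unrelated traffic
]

def is_logged(message, patterns, host="firewall"):
    """Mirror f_firewall: host(firewall) and not match(p) for every pattern."""
    return host == "firewall" and not any(re.search(p, message) for p in patterns)

def dropped(patterns, messages=SAMPLES):
    """Return the messages from the firewall host that the filter discards."""
    return [m for m in messages if not is_logged(m, patterns)]

if __name__ == "__main__":
    for name, pats in (("original", ORIGINAL), ("tightened", TIGHTENED)):
        print(name)
        for m in dropped(pats):
            print("  dropped:", m)
```

With the original patterns the fourth sample is discarded as well, because the third pattern has no boundary after the last octet and so also matches 137.148.5.130 through 137.148.5.139.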
More information about the tor-talk mailing list