[tor-talk] wget - secure?
helpfulnoob at Safe-mail.net
helpfulnoob at Safe-mail.net
Sat May 26 22:39:04 UTC 2012
Hi again :)
>On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774 at gmail.com> wrote:
>
>>On 2012-04-18, Joseph Lorenzo Hall <joehall at gmail.com> wrote:
>>
>>The underlying point is that it would be neat if
>>you've done a comprehensive analysis of a specific version of Tor,
>>etc., etc.
>No, the underlying point is that I have personally seen wget send my
>computer's IP address over Tor in an FTP PORT command. wget is not
>‘100% safe’.
>
>The code to send a PORT command is still present in wget 1.13.4. wget
>1.13.4 is not ‘100% safe’; anyone who wants to recommend it needs to
>specify a particular configuration of wget which is safe. (Don't
>count on a ‘default configuration’; Linux distributors might have
>messed with it, or failed to update it to the version shipped in
>recent wget source distributions.)
Hi there Robert Randsom, thanks for such good info. Can you please point me to documents, or directions, to test FTP PORT command with my setup: Wget 1.13.4 (openssl 1.0.0g), Privoxy v3.0.19, , and Wireshark 1.6.8, on Windows 7 x64 Home Premium SP1?
I want to test what you write, and so far I tried 'host IPadress' [1], at a FreeBSD FTP server [2], but I didn't know what to look for; am I on the right track? For now, I close port 21 on my computer, when using Wget; is that good enough for now?
I look to see if there's a way to disable FTP, but nope, and that's probally showing my noobiesness, ha. Anyway, if I can help I'm happy to be helpful, so, drop me a line! :)
Here's how I started Wget:
wget -c --no-parent ftp://ftp.freebsd.org/pub/FreeBSD/
>And that's not even the potential information leak that folks who are
>familiar with ‘anonymous FTP’ would check for first.
>Robert Ransom
I don't know to what you're eluding, however, I was thinking the following setting may mitigate anonymous FTP issues, if I understand the 1.13.4 MAN entry [3] correctly...
(ex. in wgetrc.txt)
ftp-user = Jane
ftp-password = LovesTor
[1] http://portforward.com/networking/wireshark.htm
[2] ftp://ftp.freebsd.org/pub/FreeBSD/
[3] http://www.gnu.org/software/wget/manual/wget.html#FTP-Options
More information about the tor-talk
mailing list