Thus spake a a ([EMAIL PROTECTED]):

> Oh, excuses. I do not (at least not after the distinct replies) intend
> to use this either to leech torrents or to leech Tor. Anyways, after
> testing this for approximately three minutes, my ol' pa went totally
> nutters on the realisation that this might circumvent the firewall (and
> yes, he's usually nutters for a reason).
>
> A more accurate question on my behalf would therefore be: Can Tor (if
> you use it without (or with, for that matter) port forwarding the
> firewall, create "holes" in the firewall by allowing incoming
> connections through the Tor proxy. The µTorrent case kinda implies this
> (riiight...?) as the other peers seemed to be able to connect to me at a
> higher rate...

This is extremely unlikely. Most firewalls create holes for outgoing TCP connections based on tuples of (IP dest, IP src, TCP dest, TCP source). Unless your firewall is braindamaged, Tor should not open incoming holes for bittorrent, since Tor only connects to Tor IPs and ports for that first hop (which is all your firewall will see). (UDP is a different story, but neither Tor nor bittorrent use UDP).

One way to verify if your firewall is braindamaged is to download the utility wireshark (http://www.wireshark.org) and start it up. Once it's running, the following filter will show you all INCOMING TCP connections to the machine running bittorrent:

    (tcp.flags == 2) && (ip.dst == 192.168.0.XXX)

Replace 192.168.0.XXX with your bittorrent machine's IP. You should see no packets other than for other holes opened in your firewall.

One alternate way your firewall could be broken is that it is allowing UPNP (or Apple's equivalent.. forget its name). UPNP is used by client applications to negotiate ports to open on the firewall. If your bittorrent client supports UPNP and has it enabled, and your firewall has it enabled, holes will open automatically independent of Tor.

You can also tell your dad that you are probably just as vulnerable with just a single fixed (non-UPNP) port open for bittorrent as you are running bittorrent with outgoing connections. So long as nothing other than bittorrent listens on that port, the only thing exploitable via that port should be bittorrent, and bittorrent is already exploitable via traffic travelling over the outbound connections it made (though outbound connections aren't visible to people scanning your IP for exploitable clients).

> Or am I completely off the rails?

It's likely, see above ; ) It certainly should have nothing to do with Tor unless your firewall manufacturer is really really dumb (not very likely).

> Or should this be put to rest because it is simply exploration of
> exploitation ?

Very few sane people shoot down public discussion exploring exploitation. The only way systems can hope to remain secure is if the net IQ of people securing them exceeds that of those attempting to break them. The only way for this to happen is public oversight and discussion (ESPECIALLY of exploits involving closed-source systems - closed-source companies have finite and small IQ compared to the rest of the world).

Unfortunately, fewer and fewer people in control of systems and law are sane these days. So the world is about to get mighty interesting ;)

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
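
The tuple matching described in the reply above, as an added example that is not part of the original message: a toy stateful firewall in Python replays a constructed trace and applies the same test as the Wireshark filter, first with no forwarded port and then with one opened by hand or via UPnP. The addresses, ports, class and function names are assumptions made for illustration, and NAT address rewriting is left out.

```python
from collections import namedtuple

# flags is the raw TCP flags byte: 0x02 = SYN only, 0x12 = SYN+ACK
Packet = namedtuple("Packet", "src sport dst dport flags")
SYN = 0x02

class StatefulFirewall:
    """Toy model: outbound traffic creates state, inbound must match it."""

    def __init__(self, lan_prefix, forwards=()):
        self.lan_prefix = lan_prefix
        self.forwards = set(forwards)  # (lan_ip, port) opened by hand or via UPnP
        self.state = set()             # (remote_ip, remote_port, lan_ip, lan_port)

    def accept(self, p):
        if p.src.startswith(self.lan_prefix):
            # Outbound: allowed, and only the reverse 4-tuple becomes a hole.
            self.state.add((p.dst, p.dport, p.src, p.sport))
            return True
        if (p.src, p.sport, p.dst, p.dport) in self.state:
            return True  # reply traffic on a connection the LAN host started
        return (p.dst, p.dport) in self.forwards

def incoming_syns(trace, firewall, host):
    """Packets that pass the firewall and match
    (tcp.flags == 2) && (ip.dst == host)."""
    return [p for p in trace
            if firewall.accept(p) and p.flags == SYN and p.dst == host]

# Constructed sample trace (documentation address ranges, made-up ports).
HOST, RELAY, PEER = "192.168.0.10", "203.0.113.5", "198.51.100.7"
TRACE = [
    Packet(HOST, 40000, RELAY, 9001, 0x02),  # Tor client dials its first hop
    Packet(RELAY, 9001, HOST, 40000, 0x12),  # reply on the same tuple
    Packet(PEER, 51000, HOST, 6881, 0x02),   # bittorrent peer dials in
    Packet(RELAY, 9001, HOST, 6881, 0x02),   # relay IP, but a different tuple
]

def demo():
    closed = incoming_syns(TRACE, StatefulFirewall("192.168.0."), HOST)
    opened = incoming_syns(
        TRACE, StatefulFirewall("192.168.0.", {(HOST, 6881)}), HOST)
    return closed, opened

if __name__ == "__main__":
    closed, opened = demo()
    print("no forwarded port:", closed)
    print("port 6881 forwarded:", opened)
```

With no forward configured, the only inbound packet that gets through is the SYN+ACK answering the outbound Tor connection, so the filter shows nothing; with port 6881 forwarded, both inbound SYNs appear.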

