[guardian-dev] Tethering with Tor transparent proxy
Daniel Bryg
fermenthor at gmail.com
Fri May 27 17:14:01 EDT 2011
Hi, I'm glad it's useful. See inline
On Tue, May 24, 2011 at 10:11 AM, Nathan of Guardian
<nathan at guardianproject.info> wrote:
> Daniel,
>
> Thanks again for this great "patch". I am incorporating it now for Orbot
> 1.0.6.
>
> On 05/17/2011 04:30 PM, Daniel Bryg wrote:
>> - listening on all interfaces may create a security risk, so consider
>> changing the addresses in torrc or block incoming traffic with
>> iptables.
>
> Instead of listening on 0.0.0.0 for the transproxy and DSN ports, should
> we instead detect the current IP and use that? Within the context of
> tethering on Android, I am not sure specifically how that would improve
> or reduce risk, but I agree that anything configured to 0.0.0.0 does
> make me a bit nervous.
Right. What i've been doing on the openwrt routers, is to let users
configure which interface they want to be proxied and start tor with
binding only on that address. You probably don't want to restart Tor
on android, as the interfaces may come and go relatively frequently. I
don't know if Orbot currently interacts with Tor config, other than
with a static file - you'd have to either change the ListenAddresses
in torrc and send SIGHUP or connect to the control port.
Cheers.
D>
>
> OTOH, Auto-Tor Wireless Tethering is a pretty risky, but very cool and
> needed feature, that we'll be sure to mark with plenty of warnings.
>
> +n8fr8
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/fermenthor%40gmail.com
>
> You are subscribed as: fermenthor at gmail.com
>
More information about the Guardian-dev
mailing list