Gavin Wahl: >> I think the topic Bridge Firewall is also related here: >> > https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/BridgeFirewall > > >> >> (The topic didn't move there yet, but it's all very similar ideas >> we're discussing here.) > > Isn't corridor exactly what that article is describing?
Corridor also supports connecting to normal Tor relays (not bridges) only. > It seems like it's also vulnerable to the 'Severe issue' in the > article -- a compromised tor host behind corridor can get its public > IP address with the 'getinfo address' Tor control protocol command > and deanonymize. Quote https://github.com/rustybird/corridor/#pitfalls > > > corridor cannot prevent malware on a client computer from directly > contacting a colluding relay to find out your clearnet IP address. > The part of your client system that can open outside TCP connections > must be in a trustworthy state! (Whonix and Qubes-TorVM are > well-designed in this respect.) Discussion: > > https://lists.torproject.org/pipermail/tor-talk/2014-February/032153.html > > https://lists.torproject.org/pipermail/tor-talk/2014-February/032163.html > > Whonix includes this in its threat model -- you should be able to > run arbitrary/compromised code behind the tor gateway and be safe. Yes. > Can corridor do anything about it? I don't think so, but happy to be proven wrong. You might be interested in this comparison, that includes corridor: https://www.whonix.org/wiki/Comparison_with_Others Full disclosure: I am a maintainer of Whonix. Cheers, Patrick -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
