2

On my system I have a secure service that is bound to localhost for commands. I do not want it accessible to Tor. It's bound to one port, let's say 876.

I am running a hidden service that binds to one port, let's call it 12345. So 127.0.0.1:12345 is open to Tor.

How confident can I be that Tor incoming connections to my system will not be able to somehow access 127.0.0.1:876?

Is this a real concern, or just tin-foil-hat?

Jens Kubieziel
Dan

2 Answers

0

It has to be bound to the port in torrc; that's the only place Tor is told to bind, so if the port/binding is not there then there is no way for them to access unlisted ports over Tor.

IAmNoone
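One way to check the point made in the answer above, as an added example that is not part of either answer: list every local target that `HiddenServicePort` lines in a torrc map to, and confirm the protected port (876 in the question) is not among them. The sample torrc and its directory path are constructed, and the parser assumes a single file with no `%include` directives.

```python
# Constructed sample torrc; the path is made up, the ports are the question's.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 127.0.0.1:12345
# HiddenServicePort 876 127.0.0.1:876
"""

def exposed_targets(torrc_text):
    """Return (virtual_port, host, port) for each HiddenServicePort line.

    Syntax handled: HiddenServicePort VIRTPORT [TARGET], where TARGET is
    addr, port, addr:port or unix:path. With no TARGET, Tor maps the
    virtual port to the same port on 127.0.0.1.
    """
    targets = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 2 or parts[0].lower() != "hiddenserviceport":
            continue
        virt = int(parts[1])
        target = parts[2] if len(parts) > 2 else str(virt)
        if target.startswith("unix:"):
            targets.append((virt, target, None))       # socket, no TCP port
        elif target.isdigit():
            targets.append((virt, "127.0.0.1", int(target)))
        else:
            host, sep, port = target.rpartition(":")
            if sep and port.isdigit():
                targets.append((virt, host, int(port)))
            else:                                      # address only
                targets.append((virt, target, virt))
    return targets

def mappings_to_port(torrc_text, protected_port):
    """Return every mapping whose local TCP target is protected_port."""
    return [t for t in exposed_targets(torrc_text) if t[2] == protected_port]

if __name__ == "__main__":
    for virt, host, port in exposed_targets(SAMPLE_TORRC):
        print(f"onion port {virt} -> {host}:{port}")
    hits = mappings_to_port(SAMPLE_TORRC, 876)
    print("port 876 exposed" if hits else "port 876 not mapped by this torrc")
```

This only audits the configuration; it says nothing about a bug in Tor itself.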
0

I'd say this is an important concern and it's worth thinking about. You can go in two directions:

  1. Assume Tor works correctly according to the specification. Then there is no chance that Tor can access the other port (876).
  2. On the other side, there might be a bug/vulnerability in Tor which allows it to access other data on a client's computer. If this is the case, then an attacker has the possibility to access the data. But is this a realistic concern? From my perspective, Tor does a lot to improve and ensure the security of the software (specification, testing, review etc.). So I'd say it is quite improbable that something like this happens.

So the chance that something like case 2 happens is negligible.

Jens Kubieziel