Running Tor relay on computer with Standard account privileges on LAN

  • Question

  • Hello everyone,

    I want to run a Tor relay (http://www.torproject.org) on my residential LAN using a 32-bit Vista Home Premium SP2 (fully patched) Standard Account on a separate computer. I would allow my D-Link DGL-4500 router (http://www.dlink.com/products/?pid=643) to have access to it with ports 443, 9001 and 9030. My main computer would not run Tor. I'm using OpenDNS as my DNS service (http://www.opendns.com).

    My question is, how can I secure my main production computer from any possible hacks of the Tor computer? I am running Vista Ultimate 32-bit SP2, fully patched, on my main box. The reason for the Tor relay is to allow Iranian dissidents to communicate outside of Iran, since their only ISP blocks almost everything.

    Thank you so much for your time. To save time, I've already done all the usual security precautions with my LAN and my main computer (i.e., no DMZ, only above ports allowed in, router firmware upgraded, no telnet, strong administrator password on Tor machine, etc).

    • Edited by steve2470 Sunday, July 5, 2009 2:12 PM forgot to mention password
    Sunday, July 5, 2009 2:09 PM


  • In that case, what you can do, as per my knowledge, is separate your production computer and the computer running Tor by an IDS like Snort. Now configure the alert module of Snort nearer to your production computer so that any communication between the computer running Tor and your production computer is logged. Also, since you are able to download attack signatures from the Snort website itself, you should not have any problem in configuring it. Also, please do have a look at the snort.conf file for yourself and configure it accordingly to avoid false positives. You can visit www.snort.org for more info on it.

    This should make sense because every attack vector should have a specific signature, as you would exploit a particular service or a particular account. Also, be sure to patch your production computer with regular updates, as it is easy to compromise the Snort service if the machine is not locked down. Also stop unwanted services and daemon services, which are generally a choice for attack vectors, and also check the security status of other applications like VLC media player, Windows Media Player 11, etc. if you have them, and see to it that the security patches for them are applied, as they could allow an attacker to gain access to your production system via a URL traversal attack or remote code execution, depending on the context or the attack tool used.

    The advice I gave you is based on my 3+ years of experience in Linux security. If you have any queries, please do post them here, and thank you for posting. :)

    Regards, KOWSHAL H.M. a.k.a W@R10CK
    Monday, July 6, 2009 7:05 AM
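The monitoring the answer above describes (logging any contact between the Tor machine and the production box, and checking that only the forwarded ports 443, 9001 and 9030 reach the relay from outside) as an added Python example; this is not the answerer's code or a Snort rule set, and the LAN addresses, the gateway role and the one-line log format are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed LAN layout for this example (the original post gives no addresses).
GATEWAY = ipaddress.ip_address("192.168.0.1")         # the D-Link router
PRODUCTION_HOST = ipaddress.ip_address("192.168.0.10")
TOR_RELAY_HOST = ipaddress.ip_address("192.168.0.20")
LAN = ipaddress.ip_network("192.168.0.0/24")
# Ports the poster forwards from the router to the relay machine.
RELAY_PORTS = {443, 9001, 9030}

@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int

def parse_flow(line: str) -> Flow:
    """Parse one constructed log line of the form '<src> -> <dst>:<dport>'."""
    src, rest = line.split("->")
    dst, dport = rest.rsplit(":", 1)
    return Flow(ipaddress.ip_address(src.strip()), ipaddress.ip_address(dst.strip()), int(dport))

def check_flow(flow: Flow) -> Optional[str]:
    """Return an alert message if the flow breaks the isolation policy, else None."""
    # 1. The relay and the production box must never exchange traffic, in either direction.
    if {flow.src, flow.dst} == {TOR_RELAY_HOST, PRODUCTION_HOST}:
        return f"relay/production contact: {flow.src} -> {flow.dst}:{flow.dport}"
    # 2. From the Internet, only the forwarded relay ports may reach the relay host.
    if flow.src not in LAN and flow.dst == TOR_RELAY_HOST and flow.dport not in RELAY_PORTS:
        return f"unexpected inbound to relay: {flow.src} -> {flow.dst}:{flow.dport}"
    # 3. The relay may talk to the gateway and to the Internet, but to no other LAN host.
    if flow.src == TOR_RELAY_HOST and flow.dst in LAN and flow.dst != GATEWAY:
        return f"relay reaching into LAN: {flow.src} -> {flow.dst}:{flow.dport}"
    return None

def audit(lines: List[str]) -> List[str]:
    """Run every log line through the policy and collect the alerts, in log order."""
    return [a for a in (check_flow(parse_flow(l)) for l in lines if l.strip()) if a]

# Constructed sample log: a normal relay connection, relay outbound, DNS to the gateway,
# then three violations a defender would want to see flagged.
SAMPLE_LOG = """\
203.0.113.5 -> 192.168.0.20:9001
192.168.0.20 -> 198.51.100.7:443
192.168.0.20 -> 192.168.0.1:53
192.168.0.20 -> 192.168.0.10:445
203.0.113.5 -> 192.168.0.20:3389
192.168.0.20 -> 192.168.0.30:139
""".splitlines()
```

Running `audit(SAMPLE_LOG)` yields three alerts, one per rule, for the last three lines.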