RE: Pen-Testing via TOR

["Hagen, Eric" <ehagen () DenverNewspaperAgency com>]

TOR endpoint nodes also can enforce individual port preferences, in addition
to the default blocked ports.  For example, most TOR nodes won't relay NNTP.
Many of them relay ONLY port 80 and 443.  Some block port 21 too. 

Using TOR is a poor way to get some sort of reasonable pen-testing, because
from minute to minute, the ports you can relay to are going to change and
will make scanning and such things very unpredictable and hard to interpret.

Eric

-----Original Message-----
From: andrew.thornton [mailto:andrew.thornton () thorntonindustries com] 
Sent: Thursday, July 21, 2005 6:10 PM
To: Whodini
Cc: pen-test () securityfocus com
Subject: Re: Pen-Testing via TOR
Importance: Low

Tor will forward all SOCKS (versions 4, 4a and 5) compliant protocols. 
There is some packet enforcement going on by default within tor. It is 
called an exit policy. Here is the what is blocked by default:

reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6881-6999


The following sites may be helpful to you:

http://www.infosecninja.org/content/view/16/28/
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications
http://www.socks.permeo.com/AboutSOCKS/SOCKSOverview.asp

Whodini wrote:

> I am trying to pentest a box of mine "remotely" by using TOR to make
> me hit the cloud first and then double back. What specific pen-test
> can I use, either for Win32 or Linux that will work through TOR, or a
> proxy?
>