[Twisted-Python] Security issue in SOCKS and Webcoil
Both of these, when set up using mktap or coil, listen on all interfaces. So running a mktap-generated SOCKS on a firewall means anyone can access your internal network, and running coil means anyone can set up a telnet python shell or SOCKS proxy remotely. So, changes we need to make: SOCKS tap should allow configuring interfaces it will run on. COIL should allow configuring which interfaces a server can run on, not just which ports.
Itamar Shtull-Trauring wrote:
> So, changes we need to make: SOCKS tap should allow configuring interfaces it will run on.
As a result, moshez and I agreed a tap module's getPorts function should return a list of Ports, instead of the current method of returning a list of (portNo, protocolFactory) tuples. That way a tap can also make SSL and UDP ports, set interfaces, and so on.
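An added example, not part of the original thread and not Twisted code: a standard-library check that flags listeners bound to the wildcard address, the default behaviour the messages above describe. The function names and service names are assumptions made for illustration.

```python
import ipaddress
import socket


def open_listener(port=0, interface=""):
    """Open a TCP listener. interface="" binds the wildcard address,
    i.e. every interface on the host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((interface, port))
    sock.listen(5)
    return sock


def exposure(sock):
    """Classify a bound socket by the address the kernel reports for it."""
    addr = ipaddress.ip_address(sock.getsockname()[0])
    if addr.is_unspecified:
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    return "single-interface"


def audit(listeners, allowed=("loopback-only",)):
    """Return (name, address, port, exposure) for every listener whose
    exposure is not in the allowed set."""
    findings = []
    for name, sock in listeners.items():
        host, port = sock.getsockname()[:2]
        kind = exposure(sock)
        if kind not in allowed:
            findings.append((name, host, port, kind))
    return findings


def demo():
    # Constructed service names; port 0 lets the OS pick a free port.
    listeners = {
        "socks-default": open_listener(),  # wildcard bind
        "socks-internal": open_listener(interface="127.0.0.1"),
    }
    try:
        return audit(listeners)
    finally:
        for sock in listeners.values():
            sock.close()


if __name__ == "__main__":
    for finding in demo():
        print("exposed:", finding)
```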
participants (1)
- Itamar Shtull-Trauring