
Re: [tor-bugs] #14084 [Tor]: Configuration option for anti-hs-portscanning



#14084: Configuration option for anti-hs-portscanning
------------------------+--------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs nickm-patch
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by qwerty1):

 Replying to [comment:3 dgoulet]:
 > I wonder if this is a bit too technical for users:
 >
 > {{{
 > [[HiddenServiceAllowUnknownPorts]] **HiddenServiceAllowUnknownPorts** **0**|**1**::
 >    If set to 1, then connections to unrecognized ports do not cause the
 >    current hidden service to close rendezvous circuits. (Default: 0)
 > }}}
 >
 > What is a "rendezvous circuit"?
 The manual mentions technical terms (including rendezvous circuits)
 several times already, with no ill effects so far.

 > What that entails for the user to set it or not? Should we mention that
 > it's primarily there to make port scanning harder on the attacker side
 > (which is it really?)
 Describing it in those terms encourages users to place their trust in
 2^16^ security through obscure ports, and ignores the already existing
 solution: HS client authorization.

 The only thing I would change about this patch is I think it should be set
 to `1` by default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14084#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online