[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Please help me test my hidden service
- To: bennett@xxxxxxxxxx
- Subject: Re: Please help me test my hidden service
- From: Ringo <2600denver@xxxxxxxxx>
- Date: Tue, 04 Aug 2009 04:34:55 -0400
- Cc: or-talk@xxxxxxxxxxxxx
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 04 Aug 2009 04:35:41 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:content-type:content-transfer-encoding; bh=bjUr5J2cUpiaytuQctmn9D+zcsICyxu2AllK9Rznzqo=; b=wbWDi8mORXBOu3UIaI90KE2upI/PAwRsuvdAUBXvifngP2RqGNsy1+FrsorI7+rC28 8TzSCHN0gMYhN4cE6DuZFjMZH2E3WKizkNXfxlfiVSN2391hbYoihaBlFcir5b6vsnZF LqXDI7wzWLB7ux2CzVaiGYKgxt6UMqQddMUag=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; b=tyWXAoEVHS8QX89AYR60/hP6W3ZcksBuppPjqERq8la8MlcAeKxd01kpSpOnCZ/9b5 tp6jqQVl3fysrJ3x/ga2DjqvJW3lR+3khHwf6LrcNaucRrXGg71lqGeH/wTeVTil7VXT 7hoGdbAnRcITmg5TakJxoVvYAkfGNA9X9kbks=
- In-reply-to: <200908040826.n748QRfu021737@xxxxxxxxxxxxx>
- References: <200908040826.n748QRfu021737@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.21 (X11/20090318)
"For that matter, it's probably best *not* to run most kinds of hidden
> services on tor relays precisely because tor relays are well known through
> the directory. Running a hidden service on a client-only tor would be the
> safest way because clients are not listed anywhere as such."
I actually thought the opposite was true. If somebody is running a
hidden service that's transferring lots of data, somebody listening to
their connection would be able to tell that lots of traffic was going
through the Tor network. If this person had a middleman relay, this
would be easy to explain. I guess it depends on the person's situation.
Thoughts?
"Best you learn how to protect your butt *before* opening it up to the
> world, no? Have you thought about running your service inside a jail or a
> virtual machine? That would make it much easier to wall it off from the
> rest of your computer and home network."
It's inside a virtual machine and the account it's using on the host
machine has been limited fairly well IMO.
> A jail or a VM can certainly help you there by limiting the ability
> of shell accounts to access the world at large, especially when combined
> with the application of a decent packet filter on the host system.
Something deep inside me says it would be a horrible idea to give out
shell access but it's in a virtual machine (which I'm not attached to if
I lose) and the host firewall won't let it send anything out that
doesn't go through Tor. Maybe it wouldn't be so dangerous after all.
Solidarity,
Ringo