[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden Service and exit circuit questions?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Hidden Service and exit circuit questions?
From: s7r <s7r@xxxxxxxxxx>
Date: Tue, 21 Jul 2015 04:44:18 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 20 Jul 2015 21:44:42 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1437443068; bh=Oajlo4pUTp1as9Qw5VBvUPmBulnXeiX2RRk6Ft9ZaM8=; h=Reply-To:Subject:References:To:From:Date:In-Reply-To; b=WaMgB8IfEcnHIcV3XzuC++Nj1euURVVKjd14gf/q0plSDM6r9JgOC6yYmjFcmUmh0 rpImnTS7H04A0lhNZ3MndEkLYf2PilyzGtnAmDBmU6jQqPSyAkVLWSi42MAQlFYpgx qaGZ2kqyvzAqngVf8vD9dL8hqMmt4EZJXbr9LSj0=
In-reply-to: <MTAwMDAzNS5jb3VsZGJl.1437415566@quikprotect>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <MTAwMDAzNS5jb3VsZGJl.1437415566@quikprotect>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I don't exactly understand your concern here so excuse me if my reply
is off topic.

Doesn't matter if a Tor instance only handles a hidden service. Tor
has built in client functionality end establishes some circuits,
keeping them in case they will be needed. Even if you don't have a
SocksPort enabled, built in client functionality will not be disabled.
Also, a Tor instance running a hidden service will also open other
types of circuits besides rendezvous, such as introduction points
circuits and circuits needed to publish descriptors to the HSDirs
responsible for the hosted hidden service. So, it's normal for you to
see in your Tor client -> guard -> relay -> exit circuits and it is
not a threat to the anonymity of your hidden service, and no, it's
impossible for an exit (or a client, or any other relay/bridge) to
connect to your hidden service without using a rendezvous circuits.

There are other aspects to consider in your hidden service if you fear
such leaks, such as: can an attacker game the application hosted on
the hidden service in order to make arbitrary requests to a clearnet
address? can an attacker game the application hosted on the hidden
service in order to find out relevant info about its internet
connectivity, public IP address or other connection related
information? This won't be related to Tor anyway, it requires
hardening and much reading of opsec documentation. torproject.org and
tails.boum.org as well as whonix.org have some great articles about
this topic - do read.

On 7/20/2015 9:06 PM, me wrote:
> My primary question is about the established "exit circuits".
> 
> If the exit circuits are established, as they are by default, can
> an exit node initiate contact with my HS without ever going through
> a rendezvous or even knowing the onion address by simply using the
> pre-established circuit?
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVraPyAAoJEIN/pSyBJlsRoFEH/03vNN5NA3wPfUc8/5g+YfLW
t1ipU6C4NRO45y15WWrGQO1NT5Da644+8OCyn88PoQKW9pH/UAIWS9jqZYwJKurI
ACyeR94aimRyx+pKnlNNN6R+VxCa2O/pbhf5+NWRneqnAxCpnJ7qZzMGnT50QFli
q+aWKMx7LlP6R1LKyl9WLVDbYXJT2xoAuF0tAclWT7UTdxuRMcSGUxFcYJq6AAdS
TKWEvs7ye8x0/8QmMX+wrePCF54/IV9PD+y5xJ7Xq41vAa+3eHHqonFUO+BpOvsD
ly19t47ZUj0x78RQQ6+hJFnDVoka09MJt/QAykFfm6GhZSLf3PafjDx9mx+LZnA=
=bGP7
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Hidden Service and exit circuit questions?
  - From: me

Prev by Author: Re: [tor-talk] OnionBalance Hidden Service has over 1 million successful hits in just 3 days
Next by Author: Re: [tor-talk] OnionBalance Hidden Service has over 1 million successful hits in just 3 days
Previous by thread: Re: [tor-talk] Hidden Service and exit circuit questions?
Next by thread: [tor-talk] Regarding the Hacking Team leak and the "TOR interception" (all uppercase Tor obviously)
Index(es):
- Author
- Thread