[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Example hidden service issue



Quoth Karsten Loesing <karsten.loesing@xxxxxxx>, on 2007-03-31 17:45:17 +0200:
> > |Step Three: Connect your web server to your hidden service
> > |
> > |This part is very simple. Open up your torrc again, and change the
> > |HiddenServicePort line from "www.google.com:80" to "localhost:5222".
> > |Then restart Tor. Make sure that it's working by reloading your hidden
> > |service hostname in your browser.
> > 
> > Sounds like a pretty bad idea to me too.
> 
> May sound like a bad idea, but does no harm at all.

Except that, as described earlier, HTTP 1.1 puts the destination
hostname in the request, so Google will see the onion name, IINM,
which causes the next paragraph---

> The only thing you should NOT do when setting up a hidden service after
> the above mentioned howto is to give the onion address to Google BEFORE
> changing to your own server. They could perform an altered request over
> Tor (e.g. for a non-existing resource) and find out which IP address
> requested that resource.

---to occur.

> In case you want to be absolutely sure, you can simply switch to a new
> onion address by deleting the hidden service key stored in your local
> hidden service directory. That forces Tor to create a new key, and you
> have a new onion address.

Right.

   ---> Drake Wilson

Attachment: signature.asc
Description: Digital signature