[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?



--- On Wed, 11/10/10, hikki@xxxxxxxxxxxxx <hikki@xxxxxxxxxxxxx> wrote:
> Like this: Linux Web Server -> Linux Tor Gateway ->
> DSL Router ->
> No wireless equipment, just LAN cables between them.

I have a question related to the tor client
and hidden service protocol designs which
may be relevant?  Can a tor client/hidden
service sitting behind a NATting router
query its router's internet facing public IP
from other tor nodes?  If so, could the
protocol be changed to prevent this somehow?

It seems like ideally we would want tor
clients and hidden services to be able to be
forced into the dark from a tor network
perspective about their own identifying info.
If a tor client/hidden service host is setup
with a private internal IP (say 192.168.1.2)
and appropriately firewalled from the internet
via a NATting router (likely with a spoofed
MAC) so that it can only speak with other
tor nodes (or bridges) on the appropriate
ports, could this node if compromised, still
gain identifying info about itself from its
network connections (ignoring iternal
hardware info leaks)?  Does the tor project
have preventing this type of info leaking,
from this "internal" attack vector, as an
objective?  Should it, could it?

Thanks,

-Martin



      
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/