
Re: [tor-bugs] #14084 [Tor]: Configuration option for anti-hs-portscanning



#14084: Configuration option for anti-hs-portscanning
------------------------+--------------------------------
     Reporter:  nickm   |      Owner:
         Type:  defect  |     Status:  needs_review
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs nickm-patch
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by dgoulet):

 I wonder if this is a bit too technical for users:

 {{{
 [[HiddenServiceAllowUnknownPorts]] **HiddenServiceAllowUnknownPorts**
 **0**|**1**::
    If set to 1, then connections to unrecognized ports do not cause the
    current hidden service to close rendezvous circuits. (Default: 0)
 }}}

 What is a "rendezvous circuit"? What does it entail for the user to set it
 or not? Should we mention that it's primarily there to make port scanning
 harder on the attacker side (which is it really?). Why would someone set
 it to 1, to avoid a bunch of circuits being built?

 The patch is ok for me. I'm no big fan of multiple error codes but I don't
 see any simpler way here unless an extra param is given and set if the
 circuit should be closed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14084#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online