[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Putting onion services behind a third-party TCP proxy

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Thu, 15 Aug 2019 00:53:19 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 15 Aug 2019 00:53:34 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Gawxj1RFQp4IESaeCso8te5HjAqrBqD0a01XWVQNRC8=; b=PA0S5iJewQ7SwjlCrMd4srqFNnNcqY3XhWQpUaWtDmxqU9A8BaOrpo9Z4Nx5e1ZbS6 UQNEDqDftNRAHHG9H2WUGaEAcIK9lMs/sZSetqlukZez0v+vLIQGM7yJmsAsToDBrunM zdkiIJtd59r9ZV2mRJrxTKftmK99D86HLkqa5+5CMV5gZQqK4H8cyn0eEYoraZ0p0lSJ 2k+HRdWXm4YSp1KignT0VYT2yFUtJ4MIzHNEYBDQhvVbfj9+VRJi2hFLQ3Vjdiq3ihSX 5AbRz8XVgKTqeHosdfT39dU9g9okeQpwo3prVyyzExJslXtopZ8lJTA57YwWt/J+7a3O LRnA==
In-reply-to: <CAMM-YAP9kQoo6DQWC3F-68ieEXF8ihRf7UuOEGnF5pnfUQL8hg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAMM-YAP9kQoo6DQWC3F-68ieEXF8ihRf7UuOEGnF5pnfUQL8hg@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 8/14/19, Pop Chunhapanya <pop@xxxxxxxxxxxxxx> wrote:
> When deploying an onion service ... the ip address
> of my machine ... is exposed to the Tor network...
> DDoS ... if someone knows my ip address.

Only your tor client, and your guard, knows your ip.
Unless you're up against a malicious guard, that's
not a problem, and if you are, firewalling doesn't
help anything there because you can't prevent
a real "DDoS" or any other modulation from
partitioning or otherwise giving away your onion.
Tor cannot defend against that class of attack.

Note that in a proper "onion only" configuration,
a box should have no inbound ports open.

There is something confusing with your wording.

If these replies don't help, please rephrase your question.

And or sanitize and post your torrc config and
invocation commandline.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Putting onion services behind a third-party TCP proxy
  - From: Pop Chunhapanya

Prev by Author: Re: [tor-dev] [prop305] Introduction Point Behavior
Next by Author: Re: [tor-dev] New Proposal 306: A Tor Implementation of IPv6 Happy Eyeballs
Previous by thread: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
Next by thread: [tor-dev] [prop305] Introduction Point Behavior
Index(es):
- Author
- Thread