[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Shodan & Hidden Services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Shodan & Hidden Services
From: Alec Muffett <alec.muffett@xxxxxxxxx>
Date: Fri, 21 Apr 2017 23:35:45 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Apr 2017 18:36:44 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=pUUT19HP2IgnSydmJnEw8tJPhXQq6Gzac/qImJyttoY=; b=YQ/GoKLIXeR+QnKFch914RvCzTBbjZ7VZy0r+sfIFjQNulr+pR1C4K5Sin31IW6uy4 SNE52BSPTjjtxYPUEDNoahf1SjzV1Wl2O4zO1X26sq2s2Z+n0Mzse0h5rCKxTck7AuKS Wc43t9UyLfDNnu9GCdrbzppo7nOV4vcr3ww3GdfN+hx9jlbASy6nh6vnkWBQPoG2srxA DZ7+Qjnf4KV4hmQu7TMfiKqtkLfw0Xz66Xw1aZqQTnvynLPHeW1IQ++3JMF8gSK7kruR x7OSYHp+rjCElljA/d9L1V3andRde+/HS45fxY21Y7vS1sBIJd/pJZnABzj8UQK88+0k rHog==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

So it turns out that Shodan - a kind of multi-protocol Google-alike search
engine for metadata and protocol headers - has indexed a bunch of Onion
sites which were configured to leak their (onion) hostnames into protocol
headers.

https://www.shodan.io/search?query=.onion%2F

This is... tragic, perhaps, and avoidable to varying extents (eg: my
proposed setup process*) but the situation also possibly presents an
opportunity for anyone who has identified addresses of sibyl/other naughty
tor-infra-impacting activity, to maybe check some logs and see if any
badly-configured onions were also hosted on the same addresses/subnets, get
some concept of what hidden services were hosted there, and what they may
have been up to?

    - alec

*
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md

-- 
http://dropsafe.crypticide.com/aboutalecm
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Shodan & Hidden Services
  - From: grarpamp
- Re: [tor-talk] Shodan & Hidden Services
  - From: Jon Tullett

Prev by Author: [tor-talk] Website minor detail
Next by Author: Re: [tor-talk] Shodan & Hidden Services
Previous by thread: Re: [tor-talk] Regarding latest TOR Browser update 652
Next by thread: Re: [tor-talk] Shodan & Hidden Services
Index(es):
- Author
- Thread