
Re: [tor-talk] HS again: Portscan?



Hi Thomas

The hidden services publish a descriptor with a subset of tor nodes (6
total).  You can run a tor node and log these descriptors (by modifying the
tor source) to learn all the hidden service addresses.

You can confirm whether a Tor HS exists simply by trying to fetch its
descriptor (which doesn't require knowledge of the open port) and trying to
build a circuit to it (see the tor research framework for some examples:
https://github.com/drgowen/tor-research-framework).  Of course, there's no
way to find out which ports are open other than by scanning.

Best
Gareth


> Hello everybody,
> have a question. These days, there were discussions about scanning the TOR
> universe for hidden servers, which would mean 2^80 possible hidden servers.
> So let's assume they try one specific HS which is existing. How can they
> determine its existence? I would guess by trying port 80 and maybe port
> 443. But what if the HS owner decides to run his service over port 389 for
> example? For clarification, that's what I mean:
> HiddenServicePort 389 127.0.0.1:80
> This would require using a URL with http://$onion.onion:389/
> Does this help make a HS more invisible? Would this require a surveiller
> scanning not only all 2^80 onions but also all 2^16 possible ports?
> Regards
> Thomas


-- 
Dr Gareth Owen
Senior Lecturer
School of Computing, University of Portsmouth

Tel: 02392 846423
Web: ghowen.me
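
An added example, not part of the original messages and not code from the tor research framework: a sketch of how the descriptor location follows from the onion address alone, assuming the v2 rendezvous specification (80-bit addresses, matching the 2^80 figure in the thread; two replicas on three directories each, giving the 6 mentioned above). The onion label and directory fingerprints are constructed sample values; note that the port from HiddenServicePort is not an input anywhere.

```python
import base64, bisect, hashlib, struct

REPLICAS = 2   # assumption from rend-spec v2: two replicas per descriptor
SPREAD = 3     # each replica is stored on 3 consecutive directories -> 6 total

def permanent_id(onion):
    """Decode a 16-character v2 onion label into its 10-byte (80-bit) id."""
    label = onion.lower().split(".")[0]
    return base64.b32decode(label, casefold=True)

def time_period(perm_id, now):
    """Day counter, shifted per service by the first byte of its id."""
    return (now + perm_id[0] * 86400 // 256) // 86400

def descriptor_id(perm_id, now, replica, cookie=b""):
    """descriptor-id = H(permanent-id | H(time-period | cookie | replica))."""
    secret = hashlib.sha1(
        struct.pack(">I", time_period(perm_id, now)) + cookie + bytes([replica])
    ).digest()
    return hashlib.sha1(perm_id + secret).digest()

def responsible_hsdirs(desc_id, ring):
    """The SPREAD directories whose fingerprints follow desc_id on the ring."""
    ring = sorted(ring)
    start = bisect.bisect_right(ring, desc_id)
    return [ring[(start + i) % len(ring)] for i in range(SPREAD)]

def storage_locations(onion, now, ring):
    """(replica, directory fingerprint) pairs holding the descriptor."""
    pid = permanent_id(onion)
    return [
        (replica, hsdir)
        for replica in range(REPLICAS)
        for hsdir in responsible_hsdirs(descriptor_id(pid, now, replica), ring)
    ]

if __name__ == "__main__":
    # Constructed sample data: not a real service, not real relay fingerprints.
    ring = [hashlib.sha1(b"sample-hsdir-%d" % i).digest() for i in range(8)]
    for replica, hsdir in storage_locations("aaaaaaaaaaaaaaaa.onion", 1_400_000_000, ring):
        print(replica, hsdir.hex())
```

Because the descriptor ID depends only on the address, the time period and the replica number, moving the service to port 389 changes nothing about where or whether the descriptor is published.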