[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hidden service security w. Apache/Win32

On Sun, 19 Feb 2012 12:50:47 -0000
"Fred Toben" <redguy@xxxxxxxxxxx> wrote:

> Hello Everybody
> I am in the process of setting up a hidden service with Apache 2.2
> under Windows.
> I run Apache (Win32) in a virtual machine and Tor in a separate
> virtual machine under VMware Workstation.
> VM 1 runs Apache and VM 2 runs Tor.
> VM 1 is connected to VM 2 through an internal host only network and no
> connection to Apache is possible except through the host only network.
> Apache runs under a limited user account and I have locked down  all
> potentially unsafe modules (PHP, autoindex etc) and I have tested
> that the hidden service is connectable from the outside with
> its .onion address.
> So far I haven't found any public info about the possible downsides of
> running a hidden service under Windows.
> Is running the instances of Tor and Apache in separate locked down
> virtual environments more secure than having Apache and Tor listening
> within the same machine?
> Or is Windows an absolute no when considering running a secure hidden
> service?
> Another question is whether my setup (VM1=application, VM2=Tor)
> ameliorates the problems with proxified applications.
> On the Torproject site I read that proxifying applications is often
> dangerous because the applications might leak the machine's real IP
> address.
> But if the proxified aplication runs within a virtual machine, and
> only connects to an instance of Tor running within another VM, what
> info could leak through the application other than the IP of the VM?
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

An extremely interesting post.  I'm new to tor and am considering
setting up either a relay or a hidden service on an Ubuntu machine
running behind a single router on my home net but have hesitated to set
it up because of concerns about leakage.  I'll follow this thread with
great interest though I'm too much of a newbie here to contribute
anything substantive.

tor-talk mailing list