
Re: [tor-talk] Ports required for Tor and hidden services



The best way to host your hidden service is by using Whonix Anonymous OS, as it separates Tor/firewall from the website software and it comes with many benefits. For more detail read:

Clearnet:

https://www.whonix.org/wiki/Onion_Services#Step_4:_Denial_of_Service_Mitigation_Options

Onion:

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onion_Services#Step_4:_Denial_of_Service_Mitigation_Options

Jim:
Forst wrote:
In that case, what would be the best approach to achieve that all traffic is forced through Tor and direct internet connection blocked, preferably even if/when the system is breached?

Roger gave a good reply for the case where the system is not breached. But if your firewall is on the same system as the hidden service and an attacker gets root then nothing can save you since the attacker could alter the firewall at will.  The only exception I can think of is SELinux *might* provide a mechanism to prevent this but I am not familiar with it.

Jim
