[tor-talk] Hidden Service and exit circuit questions?

["me" <tortalk@xxxxxxxxxxxxxxxxxxxxxxxx>]

I set up a test Stealth Authenticated Hidden Service Web Server.

I noticed examining the logs that the default behavior is for Tor to
establish several "exit circuits". Since the hidden service (HS) does not
need an exit node, I thought to try eliminating all exit circuits.

I added the following to the torrc:

   ExcludeExitNodes 255.0.0.0/1,1.0.0.0/1

Thinking that this excludes the entire Internet as an exit.

Based upon a brief test, it appears to work. I can still contact the HS and
there is no "exit circ" in the log, although it seemed to take longer for the
HS to become known.

This leads me to a couple of questions:

#1
Is excluding all exits a reasonable or good thing to do?

#2
Given that exit circuits are normally pre-established, is it theoretically
possible for an exit node to use its pre-established circuit with my HS to
establish a connect without having the HS encryption cookie, or even without
knowing the "onion" since the circuit already exists?



-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk