[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hidden service question



On Wed, Mar 22, 2006 at 01:42:49PM -0500, Geoffrey Goodell wrote:
> On Wed, Mar 22, 2006 at 12:42:32PM -0500, Dan Mahoney, System Admin wrote:
> > On Wed, 22 Mar 2006 circut@xxxxxxxxxxxxxxxxxxxxxx wrote:
> > 
> > The webserver will see the IP of the "exit node" which is usually an IP on 
> > the same server.  Running a hidden service gives you no more insight into 
> > a TOR user's identity than being a standard node.
> 
> Right conclusion, incomplete reason.  Nodes with hidden services do get
> to construct a Tor circuit to a rendezvous point, so they know that
> point and may potentially have some control over the choice of that
> point, but clients accessing hidden services also construct Tor circuits
> to this rendezvous point, so provided that Tor works, neither party
> learns the address of the other.
> 

Still incomplete and a little off. The node the hidden service sets
up is called an introduction point. The client creates a circuit to
a separate rendezvous point, then sets up a circuit to the introduction
point and sends information about the rendezvous point down that.


> Indeed, this means that packets between a client and the hidden service
> may traverse seven hosts, not just three.

Path length is six Tor nodes not seven (for both introduction and
rendezvous circuits.)

(1) HS --> 1 --> 2 --> IP
(2) C  --> 1 --> 2 --> RP
(3) C  --> 1 --> 2 --> 3 --> IP (send RP to HS through circuit (1) )
(4) HS --> 1 --> 2 --> 3 --> RP 

RP mates circuits (2) and (4) so total Tor nodes between C and HS is six.

Key
HS = Hidden Server
C = Tor client
IP = Introduction Point
RP = Rendezvous Point

1, 2, 3 are Tor nodes but unlike HS, C, IP, and RP, the numbers 1, 2,
3 stand for positions not necessarily for the same Tor node in each
circuit above. (They kind of do, which is why I didn't give them
different names. Ask me about entry guards if this isn't complicated
enough already.)

There are other pictures of this in slides at
http://www.onion-router.net/Publications.html#new-slides
and at
http://tor.eff.org/documentation.html.en
under "Design Documents"

The above slides don't include aspects of the latest versions of Tor.
However, there are more pictures and detailed discussion of hidden
services in "Locating Hidden Servers", cf.
http://www.onion-router.net/Publications.html#locating-hidden-servers

>  Perhaps there are some
> reasonable "middle ground" options:
> 
> - Server anonymity only: a way for clients to access hidden services by
> just connecting directly to the rendezvous point (for situations in
> which the client does not care about his/her own anonymity)
> 

I think you are still running introduction point and rendezvous point
together here. If you mean rendezvous point, this was the actually
configuration used to conduct the attacks described in "Locating
Hidden Servers" above (attacks no longer possible in the current
versions) since the client was less concerned about protecting
her anonymity than in finding the hidden server.

> - Client anonymity only: a way for servers to advertise themselves
> without anonymity (e.g. a web service running at http://router.exit/,
> for situations in which the service does not want anonymity per se but
> wants people to connect via Tor, perhaps for the purpose of providing
> consistent reachable service from behind a NAT / firewall / dynamic
> address.
> 

Yep. Actually several variants currently being considered.

aloha,
Paul