[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Hidden Service (mysql, apache, php)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Hidden Service (mysql, apache, php)
- From: "David Vennik" <davidvennik@xxxxxxxxxxxxxx>
- Date: Tue, 7 Nov 2006 15:58:00 +1000
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Tue, 07 Nov 2006 00:58:16 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Pc8GPIqQ4FsUhjWwzs+ASOgp0/KjhI6gdHGm/3u3gfrYsN2N37nNu2MGdGxyj0dhHov4vvQUN9z7xZgesWcl154pqpbeWsCqp5D0Igj6sOnHm9Et9YF85VyyF1L/sAudSE2Efd4OnjK/JunzYqU6PIQ4uiDk/4Wf9eNZf3KFSrM=
- In-reply-to: <f0eeea310610310156g7d7b69fci2dc30d2239a35bc4@mail.gmail.com>
- References: <20061031094612.38114.qmail@web57806.mail.re3.yahoo.com> <f0eeea310610310156g7d7b69fci2dc30d2239a35bc4@mail.gmail.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
the security risks are the same as running it without being hidden, except vulnerabilities allowing the attacker to get the real ip address is the major difference. i wouldn't think such exploits would be easily done especially if one has told one's AMP servers to only accept connections from localhost. anything which could give the attacker root would obviously allow them to run ifconfig or ip to determine (oh, if the machine is windows, ipconfig) the address of the network-facing ip, or if need be, the address of the default gateway which is the public ip address. just something to be aware of. any security holes will lead to compromise, the community is always seeking to close such holes of course, being that such a large portion of the internet depends on its integrity.
On 10/31/06, Nils Vogels <bacardicoke@xxxxxxxxx> wrote:
On 10/31/06, tormailinglist tormailinglist <tormailinglist@xxxxxxxxx> wrote:
> Could anybody tell me what the security risks are runngin a hidden service
> with Hidden Service (mysql, apache, php) behind a router?
>
They are no different from running a Hidden Service without the
router, since in the Tor network, the existance of routers is
effectively ignored.
http://tor.eff.org/docs/tor-hidden-service.html.en#four should be able
to help you out on that..
HTH & HAND,
Nils
--
Simple guidelines to happiness:
Work like you don't need the money,
Love like your heart has never been broken and
Dance like no one can see you.