
Re: The best way to run a hidden service: one or two computers?



--- On Wed, 11/10/10, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:

> Martin Fick <mogulguy@xxxxxxxxx> wrote:
> 
> > I have a question related to the tor client
> > and hidden service protocol designs which
> > may be relevant?  Can a tor client/hidden
> > service sitting behind a NATting router
> > query its router's internet facing public IP
> > from other tor nodes?
> 
> Yes.  Current Tor relays send the IP address of the
> other node in a
> NETINFO cell at the beginning of each TLS connection.
> 
> > If so, could the
> > protocol be changed to prevent this somehow?
> 
> No.  This would break both bridges and relays operated
> behind a NAT,
> even with the ORPort forwarded to the internal IP address
> on which the
> bridge or relay is listening.

I suspected so.  Do you agree that it would
be valuable if the change were possible?  It
seems like changing the protocol to use
another port (to easily be able to firewall it)
to get sensitive info for bridges and relays
might make clients and hidden services much
more easily securable.  I realise that this is
likely a major change, but if it could make
all tor users much more secure... (would
it?)

Thanks,

-Martin
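As an added illustration (not part of this thread and not Tor's own code), here is a small parser and builder for the NETINFO payload Robert describes, so a reader can see exactly which address a NATted client learns about itself from its peer. The field layout follows my reading of tor-spec section 4.5 (TIME, OTHERADDR, NMYADDR, then NMYADDR addresses, each as type/length/value); the type codes and the sample addresses are assumptions, constructed for the example.

```python
import ipaddress
import struct

# Address-type codes for NETINFO address entries (assumed from tor-spec
# section 4.5: 0x04 = IPv4 with 4-byte value, 0x06 = IPv6 with 16-byte value).
ATYPE_IPV4 = 0x04
ATYPE_IPV6 = 0x06


def _parse_addr(payload, off):
    """Parse one (ATYPE, ALEN, AVAL) entry at off; return (address, next_off)."""
    if off + 2 > len(payload):
        raise ValueError("truncated address header")
    atype, alen = payload[off], payload[off + 1]
    aval = payload[off + 2:off + 2 + alen]
    if len(aval) != alen:
        raise ValueError("truncated address value")
    if atype == ATYPE_IPV4 and alen == 4:
        addr = str(ipaddress.IPv4Address(aval))
    elif atype == ATYPE_IPV6 and alen == 16:
        addr = str(ipaddress.IPv6Address(aval))
    else:
        addr = None  # unknown type: skip the entry but keep the offset right
    return addr, off + 2 + alen


def parse_netinfo(payload):
    """Return time, other_addr (the address the peer saw us connect from) and
    my_addrs (the addresses the peer claims for itself)."""
    if len(payload) < 4:
        raise ValueError("payload too short")
    (timestamp,) = struct.unpack("!I", payload[:4])
    other, off = _parse_addr(payload, 4)
    if off >= len(payload):
        raise ValueError("missing NMYADDR")
    nmy, off = payload[off], off + 1
    mine = []
    for _ in range(nmy):
        addr, off = _parse_addr(payload, off)
        mine.append(addr)
    return {"time": timestamp, "other_addr": other, "my_addrs": mine}


def _encode_addr(addr):
    ip = ipaddress.ip_address(addr)
    atype = ATYPE_IPV4 if ip.version == 4 else ATYPE_IPV6
    return bytes([atype, len(ip.packed)]) + ip.packed


def build_netinfo(timestamp, other_addr, my_addrs):
    body = struct.pack("!I", timestamp) + _encode_addr(other_addr)
    return body + bytes([len(my_addrs)]) + b"".join(map(_encode_addr, my_addrs))


# Constructed sample: a relay at 198.51.100.20 telling a client behind a NAT
# that its connection arrived from 203.0.113.7 (the router's public address).
SAMPLE = build_netinfo(1289433600, "203.0.113.7", ["198.51.100.20"])
```

Running `parse_netinfo(SAMPLE)` shows `other_addr` set to the NAT router's public address, which is the disclosure the question above is about.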



