[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: The best way to run a hidden service: one or two computers?
From: Martin Fick <mogulguy@xxxxxxxxx>
Date: Wed, 10 Nov 2010 12:32:21 -0800 (PST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 10 Nov 2010 15:32:28 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1289421141; bh=75aZA0lKbVA+AJbSqPvM6CuGZf1w1X7P7STSDqzE7z4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=hbXecDen1Iq+UWikhGmFRtIMGzTQ5wxNaBU4fEiQa8FyYzj7swOLuPtxHMQp2P3xA6rF9nY95nJAyRD6OkXttFiRNQAhmgUOAzVqMS7G2cKMafTGwMSnPlsBH4SINWecKb0MIjLOj9J/6kbDbs2SG6amHVbJA+9dLY9JiBcT4kg=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=Qy3vWg3bs2i77tgNkeQ2R0DSpvZiM5Ow0p66jcR5BiDRfiucuajZ/+FARvMEqv57qK0P3LDgyQKiV4NV9WYOpsTPRKhVLVE7Ho2Lypomi1Z/y4tiAi5cMQAMm63TSh7J/bV1IiNez6sFfjUCNOmQK3LuEAjDsb518sn2D8db7/I=;
In-reply-to: <20101110112358.0d86ee73@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

--- On Wed, 11/10/10, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:

> Martin Fick <mogulguy@xxxxxxxxx>
> wrote:
> 
> > I have a question related to the tor client
> > and hidden service protocol designs which
> > may be relevant?  Can a tor client/hidden
> > service sitting behind a NATting router
> > query its router's internet facing public IP
> > from other tor nodes?
> 
> Yes.  Current Tor relays send the IP address of the
> other node in a
> NETINFO cell at the beginning of each TLS connection.
> 
> >               
>         If so, could the
> > protocol be changed to prevent this somehow?
> 
> No.  This would break both bridges and relays operated
> behind a NAT,
> even with the ORPort forwarded to the internal IP address
> on which the
> bridge or relay is listening.

I suspected so.  Do you agree that it would
be valuable if the change were possible?  It
seems like changing the protocol to use 
another port (to easily be able firewall it)
to get sensitive info for bridges and relays
might make clients and hidden services much
more easily securable.  I realise that this
likely a major change, but if it could make
all tor users much more secure... (would 
it?)

Thanks,

-Martin

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Re: The best way to run a hidden service: one or two computers?
  - From: Robert Ransom

Prev by Author: Re: The best way to run a hidden service: one or two computers?
Next by Author: SOCKS 4a or SOCKS 5 when using Polipo?
Previous by thread: Re: The best way to run a hidden service: one or two computers?
Next by thread: Tor router
Index(es):
- Author
- Thread