On Fri, 17 Sep 2010 16:36:16 -0400 hikki@xxxxxxxxxxxxx wrote: > Robert Ransom: > > > Only if you trust the hardware firewall/router. I wouldn't. > > Okay so there aren't that many safe options to run a hidden service really, > if any at all? If your hidden service really needs to be annoying to find, run it: * using only well-written, secure software, * in a VM with no access to physical network hardware, * on a (physical) computer with no non-hidden services of any kind running on it (so that an attacker can't use Dr. Murdoch's âHot or Notâ clock-skew detection attack), * and over a fast enough Internet connection that the adversary cannot easily determine your connection's speed. The VM is optional *if* and *only if* an attacker cannot possibly get root on your hidden service. The physical computer with no non-hidden services on it, and the fast Internet connection, are optional if you do not need to keep your service hidden at all. Using secure software to run your hidden service is absolutely essential; if an attacker can get a list of files in /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin, /usr/local/sbin, and /command, and a list of directories in /usr/local and /opt, he probably knows enough to identify the service's owner, and more importantly, he knows enough to recognize another service owned by the same person. Your preferred Unix distribution, your favorite editors, your favorite command-line utilities, etc. are not especially easy to hide. (For example, if you find a hidden service running Plan 9 or Inferno, or with 9base or plan9port installed on it, you're going to look at me first -- I'm on both the Tor mailing lists and Plan-9-related mailing lists, and I don't think anyone else is at the moment.) The above precautions are probably enough, unless a three-letter agency (or four-letter association) knows about your hidden service and wants to find and âneutralizeâ its operator. In that case, you have to worry about the near-global passive adversary and other threats that Tor can't afford to defeat. Another, safer, option is to keep your hidden service below the radar entirely -- it's a lot harder for your adversaries to find something if they don't know it exists. I assume that's the approach that the US Navy uses. Robert Ransom
Attachment:
signature.asc
Description: PGP signature