On Thu, 7 Jul 2016 07:29:04 +0200
Andreas Krey <a.krey@xxxxxx> wrote:
> On Wed, 06 Jul 2016 15:06:00 +0000, grarpamp wrote:
> ...
> > https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
>
> Is there a way to make tor log connection attempts to any ports
> on a hidden service address, independent of whether the port
> actually has a HiddenServicePort?

Not on any reasonable log config as is (I didn't check unreasonable
ones like the debug one). Patch `rend_service_set_connection_addr_port()`
in rendservice.c if you want this behavior.

Note that it will already log connection attempts to unknown ports by
default (to the `LD_REND` domain). There's also an option (disabled by
default) to tear down circuits that attempt to open streams to unknown
ports, but that won't stop anyone moderately dedicated, just make things
take more time.

> > All quite expected and well known ever since the
> > dawn of overlay networks. Same with the Internet.
>
> Also, wasn't there a change that made discovery impossible?

Prop 224 will fix it, but that hasn't been fully implemented yet. Using
`stealth` HS auth in the meantime frustrates this.

--
Yawning Angel
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays