On Tue, Jan 15, 2008 at 10:10:32AM -0500, Chris Burge wrote:
> Ok...I've been running a relay on Windows (XP, Vista and Server 2003) for
> the past year.
Thanks. :)
> I hope this is the right list I can post this on. Either
> way, I a m looking to become more involved with TOR
> (donations/development/etc)
https://www.torproject.org/donate
https://www.torproject.org/documentation#DesignDoc
are probably two good places to start.
> given that none of the leading presidential
> candidates (except Huckabee or Ron Paul who are both lagging in the
> polls) in the US seem to be worried about privacy, Real ID and etc..
>
> I am now ready to try and run a hidden service on my Server 2003 box
> (specificly IIS) but have failed miserably. I'm stuck with IIS for now as I
> have always been a Microsoft developer (hey brings food to the table) and am
> not currently confident in running Apache at this time with IIS (only one
> box at this time). Essentially, I want to run IIS with a mixture of sites
> using TOR and not using TOR. I had imagined I would use my onion routing
> address in the host headers of the site I want TOR packets to hit while
> other sites would naturally take regular packets. Does anyone have a clue
> as to what I'm trying to do and how I might solve it? I'm not interested in
> moving to Apache at this time until I'm more confident with it and with a
> cms such as TYPO3.
The first thing I would worry about with one webserver that handles
hidden services and "normal" websites is if somebody can connect to the
hidden service website, ask for the real website, and get it. This lets
an attacker guess-and-check about where your hidden service lives. In
apache-land this is usually solved by listening on two different ports,
and making sure to keep the two classes of sites separate in apache's
mind. I imagine there's a way for IIS to do it too.
https://www.torproject.org/docs/tor-hidden-service#three
has a bit more discussion.
If you get it working well and want to document what you did and why,
that would be great. Hidden services haven't received much attention
over the past few years in terms of writing tutorials.
--Roger