Re: [tor-talk] Hidden Service and exit circuit questions?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I don't exactly understand your concern here so excuse me if my reply
is off topic.

It doesn't matter if a Tor instance only handles a hidden service. Tor
has built-in client functionality and establishes some circuits,
keeping them in case they will be needed. Even if you don't have a
SocksPort enabled, built-in client functionality will not be disabled.
Also, a Tor instance running a hidden service will also open other
types of circuits besides rendezvous, such as introduction point
circuits and circuits needed to publish descriptors to the HSDirs
responsible for the hosted hidden service. So, it's normal for you to
see in your Tor client -> guard -> relay -> exit circuits and it is
not a threat to the anonymity of your hidden service, and no, it's
impossible for an exit (or a client, or any other relay/bridge) to
connect to your hidden service without using a rendezvous circuit.

There are other aspects to consider in your hidden service if you fear
such leaks, such as: Can an attacker game the application hosted on
the hidden service in order to make arbitrary requests to a clearnet
address? Can an attacker game the application hosted on the hidden
service in order to find out relevant info about its internet
connectivity, public IP address or other connection-related
information? This won't be related to Tor anyway; it requires
hardening and much reading of opsec documentation. torproject.org and
tails.boum.org as well as whonix.org have some great articles about
this topic - do read.

On 7/20/2015 9:06 PM, me wrote:
> My primary question is about the established "exit circuits".
> 
> If the exit circuits are established, as they are by default, can
> an exit node initiate contact with my HS without ever going through
> a rendezvous or even knowing the onion address by simply using the
> pre-established circuit?
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

-----END PGP SIGNATURE-----
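
The circuit types named in the reply can be told apart on a running instance by the PURPOSE field of the control port's `GETINFO circuit-status` output. The following is an added example, not part of the original message: it parses constructed sample lines (relay fingerprints, nicknames and timestamps are made up) and picks out the service-side rendezvous circuits.

```python
from collections import Counter

def hop(c):
    """Constructed relay entry: made-up 40-hex fingerprint plus nickname."""
    return "$" + c * 40 + "~relay" + c

PATH = ",".join(hop(c) for c in "ABC")
# Constructed GETINFO circuit-status data lines (not captured from a real instance).
SAMPLE = f"""\
4 BUILT {PATH} BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2015-07-20T18:00:01.000000
5 BUILT {PATH} BUILD_FLAGS=IS_INTERNAL,NEED_UPTIME PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED TIME_CREATED=2015-07-20T18:00:02.000000
6 BUILT {PATH} BUILD_FLAGS=IS_INTERNAL PURPOSE=HS_SERVICE_HSDIR TIME_CREATED=2015-07-20T18:00:03.000000
7 BUILT {PATH} BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY PURPOSE=HS_SERVICE_REND HS_STATE=HSSR_JOINED TIME_CREATED=2015-07-20T18:05:10.000000
8 LAUNCHED BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2015-07-20T18:05:11.000000
"""

def parse_circuit(line):
    """Split one circuit-status line into id, status, path and KEY=VALUE attributes."""
    parts = line.split()
    circ = {"id": parts[0], "status": parts[1], "path": [], "attrs": {}}
    for tok in parts[2:]:
        # Path hops start with '$' (and may contain '=' in older output), so test that first.
        if tok.startswith("$") or "=" not in tok:
            circ["path"] = tok.split(",")
        else:
            key, value = tok.split("=", 1)
            circ["attrs"][key] = value
    return circ

def parse_status(text):
    return [parse_circuit(l) for l in text.splitlines() if l.strip()]

def purpose_counts(text):
    """Count circuits per PURPOSE; GENERAL ones are the built-in client circuits."""
    return Counter(c["attrs"].get("PURPOSE", "UNKNOWN") for c in parse_status(text))

def service_rendezvous_ids(text):
    """IDs of built service-side rendezvous circuits, the only kind the reply
    says can carry a connection to the hidden service."""
    return [c["id"] for c in parse_status(text)
            if c["status"] == "BUILT" and c["attrs"].get("PURPOSE") == "HS_SERVICE_REND"]

if __name__ == "__main__":
    for purpose, n in sorted(purpose_counts(SAMPLE).items()):
        print(f"{purpose:18} {n}")
    print("service rendezvous circuits:", service_rendezvous_ids(SAMPLE))
```
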