On Mon, 13 Sep 2010 14:12:35 -0400 hikki@xxxxxxxxxxxxx wrote:

> When running a hidden service, obviously hidden so no one can find the
> true source and IP of the web server because lives may depend on
> that, I've heard that the best and safest way is to use a dedicated
> server computer with two operating systems and the server being inside a
> virtual machine. So if the web server should get cracked, the cracker
> will be locked inside the virtual machine and cannot do side-channel
> attacks or any other clever methods to reveal the true source.
>
> Then I read somewhere that there's even a more secure way, and that is by
> using two dedicated computers. One computer with the web server running,
> being connected with a LAN cable to the second computer which works as a
> firewalled router with Tor running on it with the hidden service keys.
> Again, if a cracker cracks the server machine, he will be physically
> trapped inside the server and cannot access the second computer nor the
> internet directly.

He *would* be able to access the Ethernet card in the Internet-connected
gateway box, and I have seen reports of at least one Ethernet card with an
unauthenticated remote-update backdoor which could be used to take over the
entire computer through DMA. At the very least, virtual network adapters
are unlikely to have intentional backdoors hidden in them.

> What are your opinions on this?
> What should be done and what should be avoided while setting up such
> systems?

* First, operate the hidden service using software with no security holes,
  and on a (physical) computer that does not operate any Internet-visible
  services (especially not a Tor relay). Putting your hidden service in a
  virtual machine won't protect you from the side-channel attack described
  in “Hot or Not”.

* Second, if you must use software with security holes to operate your
  hidden service, keep that software in a virtual machine, and do not let it
  communicate with a real network adapter. (The “host-only network” option
  in VirtualBox should be safe enough, for example.)

I don't see a big reason to run Tor in a VM, unless you need to set up
transparent proxying and don't want to mess up your main OS installation.

Robert Ransom
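One way to verify the second recommendation above (keep the service VM off any real network adapter), as an added example that is not part of this thread: a POSIX shell function that audits the adapter settings a VirtualBox guest reports through `VBoxManage showvminfo <vm> --machinereadable` and flags any NIC that is not none, hostonly or intnet. The sample input is constructed, and the VM name and file path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread.
# `VBoxManage showvminfo <vm> --machinereadable` prints one key="value"
# per line, e.g. nic1="hostonly". This function reads a file holding that
# output and returns 0 only when every nicN is none, hostonly or intnet;
# otherwise it prints the offending adapters and returns 1.

check_vm_isolation() {
    # $1: file containing the showvminfo --machinereadable output
    bad=0
    while IFS= read -r line; do
        case "$line" in
            nic[0-9]*=*)                  # matches nic1=, nic2=, ... only
                key=${line%%=*}
                val=${line#*=}
                val=${val#\"}; val=${val%\"}   # strip surrounding quotes
                case "$val" in
                    none|hostonly|intnet) ;;  # cannot reach a real adapter
                    *) echo "UNSAFE: $key is '$val' (reaches a real adapter)"
                       bad=1 ;;
                esac
                ;;
        esac
    done < "$1"
    return $bad
}

# Constructed sample: a VM named "hidden-service" that still has a NAT
# adapter on nic1, which would let it talk to the real network.
SAMPLE=/tmp/hs_vm_sample.txt
cat > "$SAMPLE" <<'EOF'
name="hidden-service"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"
EOF

check_vm_isolation "$SAMPLE" || echo "fix the adapters before starting the service"
```

On a real host, feed it `VBoxManage showvminfo "$VM" --machinereadable > file` instead of the constructed sample.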