the security risks are the same as running it without being hidden, except vulnerabilities allowing the attacker to get the real ip address is the major difference. i wouldn't think such exploits would be easily done especially if one has told one's AMP servers to only accept connections from localhost. anything which could give the attacker root would obviously allow them to run ifconfig or ip to determine (oh, if the machine is windows, ipconfig) the address of the network-facing ip, or if need be, the address of the default gateway which is the public ip address. just something to be aware of. any security holes will lead to compromise, the community is always seeking to close such holes of course, being that such a large portion of the internet depends on its integrity.
<br><br><div><span class="gmail_quote">On 10/31/06, <b class="gmail_sendername">Nils Vogels</b> <<a href="mailto:bacardicoke@gmail.com">bacardicoke@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 10/31/06, tormailinglist tormailinglist <<a href="mailto:tormailinglist@yahoo.com">tormailinglist@yahoo.com</a>> wrote:<br>> Could anybody tell me what the security risks are runngin a hidden service<br>> with Hidden Service (mysql, apache, php) behind a router?
<br>><br>They are no different from running a Hidden Service without the<br>router, since in the Tor network, the existance of routers is<br>effectively ignored.<br><br><a href="http://tor.eff.org/docs/tor-hidden-service.html.en#four">
http://tor.eff.org/docs/tor-hidden-service.html.en#four</a> should be able<br>to help you out on that..<br><br>HTH & HAND,<br><br>Nils<br><br>--<br>Simple guidelines to happiness:<br>Work like you don't need the money,
<br>Love like your heart has never been broken and<br>Dance like no one can see you.<br></blockquote></div><br>