June 2016 - tor-onions - lists.torproject.org

Hidden Service IP Addresses
by phiaslai＠nonkly.com 03 Jul '16

03 Jul '16

Can a hidden service expose it's IP address? Can I run a hidden service from a server that has DNS pointing to it for a domain? Can I run a hidden service from the same server as a tor relay (which openly exposes the IP address)?

7 7

Criteria for intro point, rendezvous point selection?
by Paul Syverson 18 Jun '16

18 Jun '16

We were trying to figure out some criteria for selecting intro points and rendezous points as well as circuits to connect to them and had some questions we couldn't determine from our poking around for answers. Does anyone know for current stable code (and, e.g., post 224 etc. if any of this is expected to change) the following? Are guards ever selected for intro points? Are exits ever selected for intro points? Are guards ever selected for rendezous points? Are exits ever selected for rendezvous points? Are client circuits to intro points selected from prebuilt circuits? If so, is the third hop an exit relay? Or is a prebuilt circuit cannibalized in some way to avoid using an exit? Are client circuits to rendezvous points selected from prebuilt circuits? If so, is the third hop an exit relay? Or is a prebuilt circuit cannibalized in some way to avoid using an exit? Fuller answers (e.g., 'Yes. guards can be selected as intro points, but only in accord with their chance of being selected as a middle relay.') and/or where to find these in documentation appreciated. If someone knowledgeable feels this is better directed at tor-dev, please let me know (or simply reply there rather than here). aloha, Paul

2 1

domain socket as HiddenServicePort target -- permissions!?
by Johannes 16 Jun '16

16 Jun '16

Hello gents, I'd like to use a unix domain socket as HiddenServicePort target so I can remove networking capabilities from my hidden service's server process. Tor does not connect to my socket, though. Tor's debug level logging does not show any (comprehensible) errors. This is very frustrating to debug! Because of the documentation of unix domain sockets in *other* parts of Tor, like ControlPort, SocksPort et. al., I suspect it is about permissions. How *exactly* are the requirements of ownership and permissions of the socket and its directory and why? This is totally under-documented! I've tried to look at the sources (https://trac.torproject.org/projects/tor/ticket/11485) but I could not make much sense of it. I've manage to somehow create a socket that worked, but firstly there are so many variables so for the love of gods I was not able reproduce it and secondly as far as I can recall that were perms that required elevated privileges to get them set, which is totally out of the question for production. I'd like to elaborate more on what did work, but I am truly lost! Version: Tor 0.2.7.6 (git-605ae665009853bd) TIA, Johannes

3 5