[tor-bugs] #13667 [Tor]: Prevent port scanning of hidden services

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 18 04:26:13 UTC 2014


#13667: Prevent port scanning of hidden services
------------------------+------------------------------------------
     Reporter:  arma    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  major   |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  SponsorR tor-hs 025-backport
Actual Points:          |  Parent ID:
       Points:          |
------------------------+------------------------------------------

Comment (by arma):

 '1' doesn't make me very satisfied. It means that if there is a port
 that's open, you can keep asking and you'll find it. That sounds like the
 same situation as now.

 '2' indeed doesn't hide whether the port worked, but it sure slows down
 scanning. Can we argue that it slows down scanning enough to make it
 basically useless on a large scale? (A downside is that if somebody *does*
 decide to scan anyway, they'll sure be putting a lot of pain on the
 network.)

 Does '4', for a low number, basically approximate one of the earlier
 options? E.g. we'd have to also include configured but actually down
 services, or you could just ask for the same one k times in a row and if
 it hangs up then you know it was the 'defense'.

 Are there arguments against '2' other than 'it's not a complete solution'?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13667#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list