[tor-bugs] #4700 [Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 19 05:57:14 UTC 2015
#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-------------------------+-------------------------------------------------
Reporter: | Owner:
katmagic | Status: new
Type: | Milestone: Tor: unspecified
enhancement | Version:
Priority: normal | Keywords: hiddenServices control needs-
Component: Tor | proposal tor-hs
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by arma):
Not quite the same thing, but an intriguing direction anyway:
https://lists.torproject.org/pipermail/tor-dev/2014-March/006576.html
"""
I've written this (ugly, unconfigurable) patch for Tor which is designed
to allow hidden services more information about their users, by giving
each inbound circuit its own temporary "IP address" in the 127.x range.
This technique works on Linux (I've not tried it on anything else) and
allows the application server to do some useful things which were
previously difficult:
* Identify TCP connections coming from the same client, in a short space
of time, for example, for diagnostic log analysis, identifying traffic
trends
* Rate-limit operations coming from the same client, to defend against
some types of DoS attacks
* Temporarily block abusive clients (at least, until they make a new Tor
circuit)
More importantly, it can do this with an unmodified application-server
(e.g. web servers typically have these features built-in) because it
effectively "spoofs" the client ID as an ip-address, in the 127.x range.
"""
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4700#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list