[tor-dev] Putting onion services behind a third-party TCP proxy

grarpamp grarpamp at gmail.com
Thu Aug 15 04:53:19 UTC 2019


On 8/14/19, Pop Chunhapanya <pop at cloudflare.com> wrote:
> When deploying an onion service ... the ip address
> of my machine ... is exposed to the Tor network...
> DDoS ... if someone knows my ip address.

Only your tor client, and your guard, knows your ip.
Unless you're up against a malicious guard, that's
not a problem, and if you are, firewalling doesn't
help anything there because you can't prevent
a real "DDoS" or any other modulation from
partitioning or otherwise giving away your onion.
Tor cannot defend against that class of attack.

Note that in a proper "onion only" configuration,
a box should have no inbound ports open.

There is something confusing with your wording.

If these replies don't help, please rephrase your question.

And or sanitize and post your torrc config and
invocation commandline.


More information about the tor-dev mailing list