[tor-relays] HS and relay - same server different tor instance

[teor]

> On 14 Nov 2017, at 10:54, blaze glory <bglory at yandex.com> wrote:
> 
> Hi,
> 
> Hopefully this list is the right address for this question. I know that running a hidden service and relay from the same tor instance is not advisable to say the least (https://trac.torproject.org/projects/tor/ticket/8742) but what about running a relay and HS on the same ip, different instance (multiple virtual machines using same public ip for example). The purpose of it would be to have some decoy tor traffic (so it looks like relay is creating it not HS)
> 
> I can imagine some traffic analysis could be done if HS picks the relay on the same ip as RP or IP or guard node. Are there any mechanisms in tor to prevent that? What other downsides are there for running a setup like this?

When your relay goes down due to a fault on your machine or its network,
the hidden service also goes down. This allows an attacker to match up
downtimes, and work out the public IP address of your hidden service.
(A similar attack can be used to work out which hidden services are
running on the same tor instance, machine, or network.)

Tor is not designed to hide hidden service traffic in relay traffic,
because relays are not anonymous. Instead, Tor hides hidden service
traffic in client traffic (and, to a lesser extent, bridge traffic).

If you want to hide your hidden service traffic, encourage other people
near you to run Tor clients, hidden services, and bridges.

T

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171114/6cd2e51f/attachment.sig>