Example hidden service issue

Drake Wilson drake at begriffli.ch
Sat Mar 31 15:52:26 UTC 2007


Quoth Karsten Loesing <karsten.loesing at gmx.net>, on 2007-03-31 17:45:17 +0200:
> > |Step Three: Connect your web server to your hidden service
> > |
> > |This part is very simple. Open up your torrc again, and change the
> > |HiddenServicePort line from "www.google.com:80" to "localhost:5222".
> > |Then restart Tor. Make sure that it's working by reloading your hidden
> > |service hostname in your browser.
> > 
> > Sounds like a pretty bad idea to me too.
> 
> May sound like a bad idea, but does no harm at all.

Except that, as described earlier, HTTP 1.1 puts the destination
hostname in the request, so Google will see the onion name, IINM,
which causes the next paragraph---

> The only thing you should NOT do when setting up a hidden service after
> the above mentioned howto is to give the onion address to Google BEFORE
> changing to your own server. They could perform an altered request over
> Tor (e.g. for a non-existing resource) and find out which IP address
> requested that resource.

---to occur.

> In case you want to be absolutely sure, you can simply switch to a new
> onion address by deleting the hidden service key stored in your local
> hidden service directory. That forces Tor to create a new key, and you
> have a new onion address.

Right.

   ---> Drake Wilson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070331/2e6f9871/attachment.pgp>


More information about the tor-talk mailing list