[tor-talk] Dutch police break into webservers over hidden services

tor at lists.grepular.com tor at lists.grepular.com
Fri Sep 9 08:36:24 UTC 2011

On 09/09/11 06:43, Orionjur Tor-admin wrote:

> Very intresting what is the vulnerabilities they used for breaking systems?
> In the lite of that facts I don't know what I need to advice my clients
> - setting up hidden services on their home computers or on overseas
> vdses? (My clients are not providers of child pornography but they are
> fighters with tyrannical regim).
> The first method is the best from the point of view of information
> defense but the second method is the best for defense of persons of
> operators of that services...

Probably the safest way to run a hidden service is to do it from inside
a VM.

Install Tor on the host OS. Configure up the Hidden Service on the host
OS, but point it at the IP of the VM. Set up a firewall on the VM to
prevent all other network traffic going in or out of it. Or
alternatively use the TransPort functionality of Tor so all traffic
leaving the VM goes through Tor.

If the webserver on the VM is compromised, they get access to the VM,
but the VM shouldn't know its real IP address (just the NAT'd one), or
anything else about where it is or who it belongs to.

You're still relying on there being no vulnerabilities in the VM
software or the Tor software which allow an attacker to access the host
system, but that sort of attack is much more difficult to pull off than
compromising a web server, or any of the software being served by the
web server.

For all we know, this was a simple PHP exploit that allowed the attacker
to make a HTTP request from the target server to a host on the wider
Internet, to discover its IP.

Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110909/645328e2/attachment.pgp>

More information about the tor-talk mailing list