[tor-talk] Three questions

grarpamp grarpamp at gmail.com
Sat Aug 9 02:46:11 UTC 2014


On Fri, Aug 8, 2014 at 8:38 PM,  <ml at ruggedinbox.com> wrote:
> 1. when running a service as a hidden service, for example a web server, the
> client IP address is always 127.0.0.1.
> Is there a way to have some more 'unique' information about the visitor, in
> order to mitigate a DDoS attack?

Not really... user-agent, username/password, some TCP fingerprints, JavaScript,
the attack signature, etc., that is about all.

> 2. when I connect to a hidden service, as a client, for example using TBB or
> ssh, does any of the nodes in the circuit know my final destination?

Not really... but there are some papers in the anonbib about what your
favorite gov't or last hop might be able to know.

> 3. about connecting to ssh as a hidden service: many howtos explain to edit
> ~/.ssh/config and add a 'ProxyCommand' definition, for example this
> resource:
> http://unethicalblogger.com/2012/06/13/ssh-as-a-hidden-service.html
> but we found that also torsocks (for example: torsocks ssh
> root at s4bysmmsnraf7eut.onion) works well.

Break yourself of the habit of logging in as root and use ssh keys.

> We did some (simple) packet sniffing and analysis and weren't able to find
> any leak.
> We prefer using torsocks because if you forget to add the ProxyCommand
> definition (thus trying to directly connect to the onion address), the onion
> address may be DNS leaked.
>
> What do you think about using torsocks to connect to ssh as a hidden service?

Unless the proxy app is broken there is no leak; that is easily testable.
I suggest it is more configurable and maybe even more reliable to use
ProxyCommand, which is a common application pipe, than torsocks, which
is a library overlay hack.

> Thank you very much for your attention and sorry again if wrong list,

Thanks for bringing another mail service into the world, it is needed.
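
The leak test discussed in this thread can be automated; the following is an added example, not part of the original message. It checks raw DNS payloads (assumed here to be UDP port 53 payloads taken from a packet capture made while running the ssh client) for queries naming a .onion host. The sample payloads are constructed inline, using the onion address quoted in the question.

```python
import struct

def parse_qname(msg: bytes, off: int = 12) -> str:
    """Return the first QNAME of a DNS message (RFC 1035 wire format)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[off]
        if n == 0:                      # root label terminates the name
            break
        if n & 0xC0:                    # pointers are not expected in a question
            raise ValueError("unexpected compression or extended label")
        off += 1
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n
    return ".".join(labels)

def leaked_onion(msg: bytes):
    """Return the queried name if msg is a DNS query for a .onion name, else None."""
    if len(msg) < 12:                   # shorter than a DNS header
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount == 0:  # QR bit set means response; skip it
        return None
    try:
        name = parse_qname(msg).lower()
    except ValueError:                  # malformed payload: not a usable query
        return None
    return name if name.endswith(".onion") else None

def build_query(name: str, qtype: int = 1) -> bytes:
    """Constructed sample input: a minimal standard query (ID 0x1234, RD set)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

# Constructed payloads: a leaked onion lookup, an ordinary lookup, and junk.
SAMPLES = [build_query("s4bysmmsnraf7eut.onion"), build_query("example.org"), b"\x00\x01"]

if __name__ == "__main__":
    for payload in SAMPLES:
        print(leaked_onion(payload))
```

Any non-None result means the client handed the onion name to the local resolver instead of the Tor SOCKS port.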

