[tor-talk] Hidden Service and exit circuit questions?
me
tortalk at couldbe.securecoffee.com
Tue Jul 7 00:09:04 UTC 2015
I set up a test Stealth Authenticated Hidden Service Web Server.

I noticed examining the logs that the default behavior is for Tor to
establish several "exit circuits". Since the hidden service (HS) does not
need an exit node, I thought to try eliminating all exit circuits.

I added the following to the torrc:

ExcludeExitNodes 255.0.0.0/1,1.0.0.0/1

Thinking that this excludes the entire Internet as an exit.

Based upon a brief test, it appears to work. I can still contact the HS and
there is no "exit circ" in the log, although it seemed to take longer for the
HS to become known.

This leads me to a couple of questions:

#1
Is excluding all exits a reasonable or good thing to do?

#2
Given that exit circuits are normally pre-established, is it theoretically
possible for an exit node to use its pre-established circuit with my HS to
establish a connection without having the HS encryption cookie, or even without
knowing the "onion" since the circuit already exists?
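
Added example (not part of the original post, and not Tor project code): a Python check of which IPv4 space the address patterns in an ExcludeExitNodes line cover, generalized to any list of patterns. The function names are hypothetical; fingerprints and {cc} country codes are skipped, and the check says nothing about how Tor itself builds circuits.

```python
import ipaddress

# The torrc line quoted in the post above.
TORRC_LINE = "ExcludeExitNodes 255.0.0.0/1,1.0.0.0/1"


def excluded_networks(torrc_line):
    """Return the collapsed IPv4 networks named in an Exclude*Nodes line."""
    parts = torrc_line.split(None, 1)
    value = parts[1] if len(parts) > 1 else ""
    nets = []
    for item in value.split(","):
        try:
            # strict=False masks off host bits: 255.0.0.0/1 -> 128.0.0.0/1
            net = ipaddress.ip_network(item.strip(), strict=False)
        except ValueError:
            continue  # not an address pattern (fingerprint, {cc}, ...)
        if net.version == 4:
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


def uncovered_ipv4(nets):
    """Return the IPv4 blocks that none of the given networks covers."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for ex in nets:
        nxt = []
        for r in remaining:
            if r.subnet_of(ex):
                continue  # fully excluded
            if ex.subnet_of(r):
                nxt.extend(r.address_exclude(ex))  # carve the hole out
            else:
                nxt.append(r)  # CIDR blocks are nested or disjoint
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    nets = excluded_networks(TORRC_LINE)
    print("excluded :", [str(n) for n in nets])
    print("uncovered:", [str(n) for n in uncovered_ipv4(nets)])
```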