[tor-talk] Hidden Service and exit circuit questions?
s7r at sky-ip.org
Tue Jul 21 01:44:18 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
I don't exactly understand your concern here so excuse me if my reply
is off topic.
Doesn't matter if a Tor instance only handles a hidden service. Tor
has built in client functionality end establishes some circuits,
keeping them in case they will be needed. Even if you don't have a
SocksPort enabled, built in client functionality will not be disabled.
Also, a Tor instance running a hidden service will also open other
types of circuits besides rendezvous, such as introduction points
circuits and circuits needed to publish descriptors to the HSDirs
responsible for the hosted hidden service. So, it's normal for you to
see in your Tor client -> guard -> relay -> exit circuits and it is
not a threat to the anonymity of your hidden service, and no, it's
impossible for an exit (or a client, or any other relay/bridge) to
connect to your hidden service without using a rendezvous circuits.
There are other aspects to consider in your hidden service if you fear
such leaks, such as: can an attacker game the application hosted on
the hidden service in order to make arbitrary requests to a clearnet
address? can an attacker game the application hosted on the hidden
service in order to find out relevant info about its internet
connectivity, public IP address or other connection related
information? This won't be related to Tor anyway, it requires
hardening and much reading of opsec documentation. torproject.org and
tails.boum.org as well as whonix.org have some great articles about
this topic - do read.
On 7/20/2015 9:06 PM, me wrote:
> My primary question is about the established "exit circuits".
> If the exit circuits are established, as they are by default, can
> an exit node initiate contact with my HS without ever going through
> a rendezvous or even knowing the onion address by simply using the
> pre-established circuit?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----
More information about the tor-talk