[tor-talk] Ports required for Tor and hidden services
bo0od
bo0od at riseup.net
Mon Jan 27 20:03:59 UTC 2020
Best to host your hidden service is by using Whonix Anonymous OS , as it
separate Tor/firewall from the website software and it comes with many
benefits. for more detail read:
Clearnet:
https://www.whonix.org/wiki/Onion_Services#Step_4:_Denial_of_Service_Mitigation_Options
Onion:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Onion_Services#Step_4:_Denial_of_Service_Mitigation_Options
Jim:
> Forst wrote:
>> In that case, what would be best approach to achieve that all traffic
>> is forced though Tor and direct internet connection blocked,
>> preferably even if/when the system is breached?
>
> Roger gave a good reply for the case where the system is not breached.
> But if your firewall is on the same system as the hidden service and an
> attacker gets root then nothing can save you since the attacker could
> alter the firewall at will. The only exception I can think of is
> SELinux *might* provide a mechanism to prevent this but I am not
> familiar with it.
>
> Jim
>
More information about the tor-talk
mailing list