On Fri, Aug 8, 2014 at 8:38 PM, <[email protected]> wrote: > 1. when running a service as a hidden service, for example a web server, the > client IP address is always 127.0.0.1. > Is there a way to have some more 'unique' information about the visitor, in > order to mitigate a DDOS attack ?
Not really... user-agent, username/password, some tcp fingerprints, javascript, the attack signature, etc, that is about all. > 2. when I connect to a hidden service, as a client, for example using TBB or > ssh, does any of the nodes in the circuit know my final destination ? Not really... but there are some papers in the anonbib about what your favorite gov't or last hop might be able to know. > 3. about connecting to ssh as a hidden service: many howtos explain to edit > ~/.ssh/config and add a 'ProxyCommand' definition, for example this > resource: > http://unethicalblogger.com/2012/06/13/ssh-as-a-hidden-service.html > but we found that also torsocks (for example: torsocks ssh > [email protected]) works well. Break yourself of the habit of logging in as root and use ssh keys. > We did some (simple) packet sniffing and analysis and weren't able to find > any leak. > We prefer using torsocks because if you forget to add the ProxyCommand > definition (thus trying to directly connect to the onion address), the onion > address may be DNS leaked. > > What do you think about using torsocks to connect to ssh as a hidden service > ? Unless the proxy app is broken there is no leak, that is easily testable. I suggest it is more configurable and maybe even more reliable to use proxycommand which is a common application pipe, than torsocks which is a library overlay hack. > Thank you very much for your attention and sorry again if wrong list, Thanks for bringing another mail service into the world, it is needed. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
