Hi Thomas The hidden services publish a descriptor with a subset of tor nodes (6 total). You can run a tor node and log these descriptors (by modifying the tor source) to learn all the hidden service addresses.
You can confirm whether a Tor HS exists simply by trying to fetch it's descriptor (which doesn't require knowledge of the open port) and trying to build a circuit to it (see the tor research framework for some examples: ( https://github.com/drgowen/tor-research-framework). Of course, there's no way to find out which ports are open other than by scanning. Best Gareth > Hello everybody, > have a question. These days, there were discussions about scanning the TOR > universum for hidden server which would mean 2^80 possible hidden server. > So lets assume they try one specific HS which is existing. How can they > determine it's existence? I would guess by trying port 80 and maybe port > 443. But what if the HS owner decides to run his service over port 389 for > example? For clarification, that's what I mean: > HidenServicePort 389 127.0.0.1:80 > This would require using URL with http://$onion.onion:389/ > Does this help making a HS more invisible? Would this require a surveiller > scanning not only all 2^80 onions but also all 2^16 possible ports? > Regards > Thomas -- Dr Gareth Owen Senior Lecturer School of Computing, University of Portsmouth Tel: 02392 846423 Web: ghowen.me -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
