Delivery-Date: Mon, 20 Jul 2015 21:44:42 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,URIBL_BLACK autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6C69A1E07F2;
	Mon, 20 Jul 2015 21:44:40 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 3C39B34765;
	Tue, 21 Jul 2015 01:44:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 4E76733F7D
 for <tor-talk@lists.torproject.org>; Tue, 21 Jul 2015 01:44:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id beVbo5TceNMQ for <tor-talk@lists.torproject.org>;
 Tue, 21 Jul 2015 01:44:31 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.21])
 by eugeni.torproject.org (Postfix) with ESMTP id 316DE33F68
 for <tor-talk@lists.torproject.org>; Tue, 21 Jul 2015 01:44:31 +0000 (UTC)
Received: from [0.0.0.0] (vmi40455.contabo.host [5.189.128.243])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id 28E93782CFD
 for <tor-talk@lists.torproject.org>; Tue, 21 Jul 2015 01:44:26 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org;
 s=20110108; t=1437443068;
 bh=Oajlo4pUTp1as9Qw5VBvUPmBulnXeiX2RRk6Ft9ZaM8=;
 h=Reply-To:Subject:References:To:From:Date:In-Reply-To;
 b=WaMgB8IfEcnHIcV3XzuC++Nj1euURVVKjd14gf/q0plSDM6r9JgOC6yYmjFcmUmh0
 rpImnTS7H04A0lhNZ3MndEkLYf2PilyzGtnAmDBmU6jQqPSyAkVLWSi42MAQlFYpgx
 qaGZ2kqyvzAqngVf8vD9dL8hqMmt4EZJXbr9LSj0=
References: <MTAwMDAzNS5jb3VsZGJl.1437415566@quikprotect>
To: tor-talk@lists.torproject.org
From: s7r <s7r@sky-ip.org>
X-Enigmail-Draft-Status: N1110
Message-ID: <55ADA3F2.2050001@sky-ip.org>
Date: Tue, 21 Jul 2015 04:44:18 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <MTAwMDAzNS5jb3VsZGJl.1437415566@quikprotect>
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.1 cv=I/SYP4Ug c=1 sm=1 tr=0
 a=MrAU/hC7CVgfppmtDdqWrw==:117 a=MrAU/hC7CVgfppmtDdqWrw==:17
 a=-NIMs_s3AAAA:8 a=bvjBBkZ6AAAA:8 a=JAI3OqB5mnwA:10 a=N659UExz7-8A:10
 a=AwIQbDszAAAA:8 a=KFDzBVmfAAAA:8 a=yFeozlo6AAAA:8 a=X_S_hhXp4jo3ljEimxEA:9
 a=EkOKYy2SdAOW4xb5:21 a=7qtPpLDhuhpUF2vb:21 a=pILNOxqGKmIA:10
Subject: Re: [tor-talk] Hidden Service and exit circuit questions?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I don't exactly understand your concern here so excuse me if my reply
is off topic.

Doesn't matter if a Tor instance only handles a hidden service. Tor
has built in client functionality end establishes some circuits,
keeping them in case they will be needed. Even if you don't have a
SocksPort enabled, built in client functionality will not be disabled.
Also, a Tor instance running a hidden service will also open other
types of circuits besides rendezvous, such as introduction points
circuits and circuits needed to publish descriptors to the HSDirs
responsible for the hosted hidden service. So, it's normal for you to
see in your Tor client -> guard -> relay -> exit circuits and it is
not a threat to the anonymity of your hidden service, and no, it's
impossible for an exit (or a client, or any other relay/bridge) to
connect to your hidden service without using a rendezvous circuits.

There are other aspects to consider in your hidden service if you fear
such leaks, such as: can an attacker game the application hosted on
the hidden service in order to make arbitrary requests to a clearnet
address? can an attacker game the application hosted on the hidden
service in order to find out relevant info about its internet
connectivity, public IP address or other connection related
information? This won't be related to Tor anyway, it requires
hardening and much reading of opsec documentation. torproject.org and
tails.boum.org as well as whonix.org have some great articles about
this topic - do read.

On 7/20/2015 9:06 PM, me wrote:
> My primary question is about the established "exit circuits".
> 
> If the exit circuits are established, as they are by default, can
> an exit node initiate contact with my HS without ever going through
> a rendezvous or even knowing the onion address by simply using the
> pre-established circuit?
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVraPyAAoJEIN/pSyBJlsRoFEH/03vNN5NA3wPfUc8/5g+YfLW
t1ipU6C4NRO45y15WWrGQO1NT5Da644+8OCyn88PoQKW9pH/UAIWS9jqZYwJKurI
ACyeR94aimRyx+pKnlNNN6R+VxCa2O/pbhf5+NWRneqnAxCpnJ7qZzMGnT50QFli
q+aWKMx7LlP6R1LKyl9WLVDbYXJT2xoAuF0tAclWT7UTdxuRMcSGUxFcYJq6AAdS
TKWEvs7ye8x0/8QmMX+wrePCF54/IV9PD+y5xJ7Xq41vAa+3eHHqonFUO+BpOvsD
ly19t47ZUj0x78RQQ6+hJFnDVoka09MJt/QAykFfm6GhZSLf3PafjDx9mx+LZnA=
=bGP7
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

