[tor-bugs] #14084 [Tor]: Configuration option for anti-hs-portscanning
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 13 15:25:11 UTC 2015
#14084: Configuration option for anti-hs-portscanning
------------------------+--------------------------------
Reporter:      nickm    | Owner:
Type:          defect   | Status:     needs_review
Priority:      normal   | Milestone:  Tor: 0.2.6.x-final
Component:     Tor      | Version:
Resolution:             | Keywords:   tor-hs nickm-patch
Actual Points:          | Parent ID:
Points:                 |
------------------------+--------------------------------
Comment (by qwerty1):
Replying to [comment:3 dgoulet]:
> I wonder if this is a bit too much technical for users:
>
> {{{
> [[HiddenServiceAllowUnknownPorts]] **HiddenServiceAllowUnknownPorts** **0**|**1**::
> If set to 1, then connections to unrecognized ports do not cause the
> current hidden service to close rendezvous circuits. (Default: 0)
> }}}
>
> What is a "rendezvous circuit"?

The manual mentions technical terms (including rendezvous circuits)
several times already, with no ill effects so far.

> What that entails for the user to set it or not? Should we mention that
> it's primarily there to make port scanning harder on the attacker side
> (which is it really?)

Describing it in those terms encourages users to place their trust in
2^16^ security through obscure ports, and ignores the already existing
solution: HS client authorization.

The only thing I would change about this patch is I think it should be set
to `1` by default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14084#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online