Hidden Service (mysql, apache, php)

David Vennik davidvennik at googlemail.com
Tue Nov 7 05:58:00 UTC 2006


the security risks are the same as running it without being hidden, except
that vulnerabilities allowing the attacker to get the real ip address are the
major difference. i wouldn't think such exploits would be easily done,
especially if one has told one's AMP servers to only accept connections from
localhost. anything which could give the attacker root would obviously allow
them to run ifconfig or ip to determine (oh, if the machine is windows,
ipconfig) the address of the network-facing ip, or if need be, the address
of the default gateway which is the public ip address. just something to be
aware of. any security holes will lead to compromise; the community is
always seeking to close such holes of course, being that such a large
portion of the internet depends on its integrity.

On 10/31/06, Nils Vogels <bacardicoke at gmail.com> wrote:
>
> On 10/31/06, tormailinglist tormailinglist <tormailinglist at yahoo.com>
> wrote:
> > Could anybody tell me what the security risks are running a hidden service
> > with Hidden Service (mysql, apache, php) behind a router?
> >
> They are no different from running a Hidden Service without the
> router, since in the Tor network, the existence of routers is
> effectively ignored.
>
> http://tor.eff.org/docs/tor-hidden-service.html.en#four should be able
> to help you out on that..
>
> HTH & HAND,
>
> Nils
>
> --
> Simple guidelines to happiness:
> Work like you don't need the money,
> Love like your heart has never been broken and
> Dance like no one can see you.
>
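
Added example, not part of the original post or of Tor's documentation: one way to verify the "only accept connections from localhost" point above is to scan the host's listening sockets and flag any Apache/MySQL port bound beyond loopback. The `ss -ltn` sample below is constructed, and the port set and function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
LISTEN 0      128    [::1]:8080         [::]:*
"""

# Assumption: ports belonging to the hidden service's web/database stack.
SERVICE_PORTS = {80, 443, 3306, 8080}


def is_loopback(host):
    """True only for addresses inside 127.0.0.0/8 or ::1."""
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and scope id
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparseable counts as exposed


def exposed_listeners(ss_output, ports=SERVICE_PORTS):
    """Return sorted (address, port) pairs listening beyond loopback."""
    exposed = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and non-listening sockets
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in ports and not is_loopback(host):
            exposed.add((host, int(port)))
    return sorted(exposed)


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port} is reachable on {host}; bind it to 127.0.0.1")
```

Feed it the real output of `ss -ltn` on the server; an empty result means the listed service ports answer only on loopback, which is where the hidden service forwards to.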