torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently #15651

Open
wants to merge 1 commit into
base: master
from

@luke-jr
Member

commented Mar 23, 2019

Currently, the hidden service is published on the same port as the public listening port.
But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.
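The port mapping at issue, as an added example that is not part of this pull request or of Bitcoin Core's code: it builds the Tor control-port `ADD_ONION` command both ways and checks whether the advertised onion port repeats a non-default clearnet port. The function names, the `NEW:BEST` key spec, the listening port 18444 and the default port 8333 are assumptions chosen for illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <iostream>
#include <string>

// Assumption: 8333 is the default mainnet P2P port; 18444 below is a constructed sample.
constexpr uint16_t DEFAULT_P2P_PORT = 8333;

// Tor control-port command: "Port=<virtual>,<target>" maps the port advertised
// on the .onion address to a local listener.
std::string MakeAddOnion(const std::string& key, uint16_t virt_port, uint16_t local_port)
{
    return "ADD_ONION " + key + " Port=" + std::to_string(virt_port) +
           ",127.0.0.1:" + std::to_string(local_port);
}

// Behaviour the description calls current: onion port mirrors the listening port.
std::string OnionCmdMirrored(const std::string& key, uint16_t listen_port)
{
    return MakeAddOnion(key, listen_port, listen_port);
}

// Behaviour the title proposes: advertise the default port, forward to the listener.
std::string OnionCmdStandard(const std::string& key, uint16_t listen_port)
{
    return MakeAddOnion(key, DEFAULT_P2P_PORT, listen_port);
}

// Audit check: true when the onion virtual port equals a non-default clearnet port.
bool LinksByPort(const std::string& cmd, uint16_t clearnet_port)
{
    const std::string tag = " Port=";
    const auto pos = cmd.find(tag);
    if (pos == std::string::npos) return false;
    unsigned long virt = 0;
    size_t i = pos + tag.size();
    if (i >= cmd.size() || !std::isdigit(static_cast<unsigned char>(cmd[i]))) return false;
    for (; i < cmd.size() && std::isdigit(static_cast<unsigned char>(cmd[i])); ++i) {
        virt = virt * 10 + static_cast<unsigned long>(cmd[i] - '0');
        if (virt > 65535) return false; // not a valid port
    }
    return virt == clearnet_port && clearnet_port != DEFAULT_P2P_PORT;
}

int main()
{
    for (const auto& cmd : {OnionCmdMirrored("NEW:BEST", 18444), OnionCmdStandard("NEW:BEST", 18444)})
        std::cout << cmd << " -> linkable by port: " << LinksByPort(cmd, 18444) << "\n";
}
```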

@fanquake fanquake added the P2P label Mar 23, 2019

@DrahtBot

Contributor

commented Mar 23, 2019

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #14856 (net: remove more CConnman globals (theuni) by dongcarl)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

torcontrol: Use the default/standard network port for Tor hidden services, even if the internal port is set differently

Currently, the hidden service is published on the same port as the public listening port.
But if a non-standard port is configured, this can be used to guess (pretty reliably) that the public IP and the hidden service are the same node.

@luke-jr luke-jr force-pushed the luke-jr:tor_standard_port branch from 3961fb2 to 8a26567 Mar 23, 2019

@practicalswift

Member

commented Mar 23, 2019

Concept ACK

Are there additional decloaking vectors that could be worth fixing?

@gmaxwell

Member

commented Mar 23, 2019

This sounds okay to me, but it will remain trivial to link HS nodes with their non-HS addresses; we should document that clearly. (For example, hand a node an orphan txn on one identity, then observe that it won't getdata the same txid on another.)

@practicalswift

Member

commented Mar 25, 2019

utACK 8a26567

@naumenkogs

Contributor

commented Mar 25, 2019

utACK 8a26567

@MarcoFalke

Member

commented Mar 25, 2019

Would there be any reason to make it user-configurable? Could the port collide with something else? Does this need release notes?

@luke-jr

Member Author

commented Apr 4, 2019

@MarcoFalke This is only for the dedicated hidden service we create, so no, nothing else can use it.

The only reason for release notes would be if the privacy leak is serious enough to warrant an advisory; but IIRC this is only one of multiple ways to tie a Tor node to a clearnet node, so probably not.
