Is there any good way to hide the presence of hidden services? I know that if I create a hidden service, at least the HSDir nodes are able to see the .onion address of that site. So someone could scrape a list of .onion addresses to portscan and automatically exploit if they have a 0day.

Let's say I wanted to expose an SSH service there. As all incoming connections come from 127.0.0.1, I cannot use a firewall for access control, and SSH is very verbose in announcing itself.

Is there any good way to hide the presence of services? Something like port knocking, I guess, but most of those solutions seem to listen to all traffic using libpcap, and that sounds like a big attack surface as well. I've seen https://tools.ietf.org/html/draft-kirsch-ietf-tcp-stealth-00 and I think it would be a great solution if/when it gets into the kernel, but as long as it requires kernel patching it's not really an option for me.

Alternatively, something that did not hide the listening socket but was just a very simple wrapper around TCP that checked a MAC on incoming messages, letting through only those messages that have the correct MAC but not responding at all to others. Something so simple that it can be easily audited (unlike OpenSSH). That way scanners could not tell what was running behind it. Does something like this exist?

-- 
Nam-Shub
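A minimal version of the MAC-checking TCP wrapper the post asks about, written as an added example rather than code from the thread or any existing project: the client sends an HMAC-SHA256 token over a timestamp as the first bytes of the connection, and the wrapper forwards to the real service only if the tag verifies and is fresh, otherwise closing without sending a byte. The shared key, the 30-second freshness window, and the backend address ("127.0.0.1", 22) are assumptions.

```python
import hashlib, hmac, socket, struct, threading, time

TOKEN_LEN = 8 + 32  # 8-byte big-endian unix time + 32-byte HMAC-SHA256 tag

def make_token(key: bytes, ts: int) -> bytes:
    """Client side: authenticate the current unix time under the shared key."""
    msg = struct.pack(">Q", ts)
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def verify_token(key: bytes, token: bytes, now: int, window: int = 30) -> bool:
    """Server side: constant-time tag check, then a freshness window (bounds replay only)."""
    if len(token) != TOKEN_LEN:
        return False
    msg, tag = token[:8], token[8:]
    if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag):
        return False
    return abs(now - struct.unpack(">Q", msg)[0]) <= window

def recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or whatever arrived before EOF or timeout."""
    buf = b""
    try:
        while len(buf) < n and (chunk := conn.recv(n - len(buf))):
            buf += chunk
    except socket.timeout:
        pass
    return buf

def pipe(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way; close the far side when the source closes."""
    while data := src.recv(4096):
        dst.sendall(data)
    dst.close()

def gate(conn: socket.socket, key: bytes, backend: tuple) -> bool:
    """Handle one accepted client: forward to the backend only after a valid token."""
    conn.settimeout(5)
    if not verify_token(key, recv_exact(conn, TOKEN_LEN), int(time.time())):
        conn.close()  # silent drop: no banner, no error, nothing to fingerprint
        return False
    upstream = socket.create_connection(backend)  # assumed ("127.0.0.1", 22) for sshd
    for a, b in ((conn, upstream), (upstream, conn)):
        threading.Thread(target=pipe, args=(a, b), daemon=True).start()
    return True

def serve(key: bytes, listen: tuple, backend: tuple) -> None:
    """Wrapper listener; Tor's HiddenServicePort would point here, not at sshd."""
    with socket.create_server(listen) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=gate, args=(conn, key, backend), daemon=True).start()
```

The listening port itself remains visible, exactly as the post accepts, and a captured token can be replayed until the window expires, so the window should be kept short and the client side needs a matching stub that prefixes the token before handing the socket to ssh.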