I set up a test Stealth Authenticated Hidden Service Web Server. I noticed examining the logs that the default behavior is for Tor to establish several "exit circuits". Since the hidden service (HS) does not need an exit node, I thought to try eliminating all exit circuits.
I added the following to the torrc: ExcludeExitNodes 255.0.0.0/1,1.0.0.0/1 Thinking that this excludes the entire Internet as an exit. Based upon a brief test, it appears to work. I can still contact the HS and there is no "exit circ" in the log, although it seemed to take longer for the HS to become known. This leads me to a couple of questions: #1 Is excluding all exits a reasonable or good thing to do? #2 Given that exit circuits are normally pre-established, is it theoretically possible for an exit node to use its pre-established circuit with my HS to establish a connect without having the HS encryption cookie, or even without knowing the "onion" since the circuit already exists? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
