On Thu, 2013-04-18 at 22:35 +0000, fek...@tormail.org wrote:
> I want to create a Tor hidden server, which people SSH into over Tor.
> Users could discover the IP server by running traceroute. To stop this I
> have added a simple rule to pf.conf based off "helping traceroute".
> Otherwise they could just build or run their own binary traceroute.

Doesn't traceroute need to be setuid root to work?

$ ls -l `which traceroute`
-r-sr-xr-x 1 root bin 189176 Aug 1 2012 /usr/sbin/traceroute

Though, honestly, traceroute is the least of your problems, read on...

> Is there anything else I should take into consideration when trying to
> prevent a server from being discovered? The server will be behind a NAT
> with only a LAN address.

ping, ifconfig, lynx or for that matter most web browsers (that can be
used to browse to sites like ipchicken.com or whatismyip.com). Unless,
of course, you are careful to either only allow outbound connections via
Tor (difficult but possible), or not allow outside Internet connectivity
at all (easier but may well defeat the purpose of what you're trying to
do).

-- 
Shawn K. Quinn <skqu...@rushpost.com>
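
One way to express "only allow outbound connections via Tor" in pf.conf, as an added example that is not part of the original thread. It assumes the Tor daemon runs as the _tor user, that "egress" is the interface group holding the default route, and that sshd is reached only through the hidden service on loopback.

```pf
# Added example pf.conf fragment (not from the thread).
# Assumptions: Tor runs as user _tor; "egress" is the default-route
# interface group; sshd listens on 127.0.0.1 and is published only as
# a hidden service, so no inbound port has to be opened.

# Tor hands hidden-service connections to sshd over loopback, and
# local programs reach Tor's SOCKS port the same way.
set skip on lo0

# Default deny in both directions, logged so that leak attempts
# (ping, traceroute probes, a browser fetching an IP-echo site)
# show up on pflog0.
block return log all

# The only traffic allowed to leave the box directly: TCP connections
# from sockets owned by the Tor daemon. The "user" match applies to
# TCP and UDP sockets only, so ICMP from any user stays blocked by
# the rule above, as do UDP traceroute probes.
pass out quick on egress inet proto tcp all user _tor
```

With this in place a shell user can still reach the outside through Tor's SOCKS port, so an IP-echo site reports an exit relay rather than the NAT's public address. The filter does nothing about local information such as ifconfig output, and anyone able to run code as _tor or root is not constrained by it.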