On 09.09.2011 08:36, t...@lists.grepular.com wrote:
> On 09/09/11 06:43, Orionjur Tor-admin wrote:
>
>> Very interesting, what are the vulnerabilities they used for breaking systems?
>> In the light of those facts I don't know what I need to advise my clients
>> - setting up hidden services on their home computers or on overseas
>> vdses? (My clients are not providers of child pornography but they are
>> fighters with a tyrannical regime).
>> The first method is the best from the point of view of information
>> defense but the second method is the best for defense of persons of
>> operators of those services...
>
> Probably the safest way to run a hidden service is to do it from inside
> a VM.
>
> Install Tor on the host OS. Configure up the Hidden Service on the host
> OS, but point it at the IP of the VM. Set up a firewall on the VM to
> prevent all other network traffic going in or out of it. Or
> alternatively use the TransPort functionality of Tor so all traffic
> leaving the VM goes through Tor.
>
> If the webserver on the VM is compromised, they get access to the VM,
> but the VM shouldn't know its real IP address (just the NAT'd one), or
> anything else about where it is or who it belongs to.
>
> You're still relying on there being no vulnerabilities in the VM
> software or the Tor software which allow an attacker to access the host
> system, but that sort of attack is much more difficult to pull off than
> compromising a web server, or any of the software being served by the
> web server.
>
> For all we know, this was a simple PHP exploit that allowed the attacker
> to make a HTTP request from the target server to a host on the wider
> Internet, to discover its IP.
>
How do I need to set up my VM for these purposes?
I use VirtualBox under a transparently torified user on the host machine for the most secure browsing on the Internet, but I cannot get access to that machine through ssh from my host machine in spite of setting up suitable port forwarding in the VBox settings. I think that the settings of my host firewall prevent that access.
So, I'll probably have such a problem in the connection between my host and guest machines if I set up a web server on the VM, and my hidden service on my host.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
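
The layout described in the quoted reply (Tor and the hidden service on the host, web server in a firewalled guest), as an added example that is not part of the original messages: a script that emits the host torrc lines and a default-DROP ruleset for the guest. The addresses 192.168.56.1 (host) and 192.168.56.101 (guest), port 80, the `HiddenServiceDir` path and the file name `guest-fw.sh` are assumed values.

```shell
#!/bin/sh
# Added example. Constructed values: host 192.168.56.1, guest 192.168.56.101,
# web server on guest port 80, HiddenServiceDir path.

# Reject anything that is not a dotted-quad-like address and a numeric port,
# so arguments cannot smuggle extra text into the generated files.
valid() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
}

# torrc lines for the HOST: Tor runs here and forwards the service to the VM.
host_torrc() {  # usage: host_torrc <guest_ip> <guest_port>
    valid "$1" "$2" || { echo "bad address or port" >&2; return 1; }
    printf 'HiddenServiceDir /var/lib/tor/hidden_service/\n'
    printf 'HiddenServicePort 80 %s:%s\n' "$1" "$2"
}

# iptables-restore input for the GUEST: default DROP in every chain, then
# allow only loopback and the host's connections to the web port.
# IPv6 is not covered here; give ip6tables the same DROP policies.
guest_rules() {  # usage: guest_rules <host_ip> <guest_port>
    valid "$1" "$2" || { echo "bad address or port" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $1 -p tcp --dport $2 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d $1 -p tcp --sport $2 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Inside the guest, as root: sh guest-fw.sh apply 192.168.56.1 80
if [ "${1:-}" = "apply" ]; then
    rules=$(guest_rules "${2:-}" "${3:-}") && printf '%s\n' "$rules" | iptables-restore
fi
```

With the OUTPUT policy at DROP, a compromised web application in the guest cannot originate the kind of outbound HTTP request the quoted reply speculates about. The source address the guest sees for host connections depends on the VirtualBox network mode, so check it before filling in the host address.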