On Thu, 7 Jul 2016 07:29:04 +0200 Andreas Krey a.krey@gmx.de wrote:
On Wed, 06 Jul 2016 15:06:00 +0000, grarpamp wrote: ...
https://boingboing.net/2016/07/01/researchers-find-over-100-spyi.html
Is there a way to make tor log connection attempts to any ports on a hidden service address, independent of whether the port actually has a HiddenServicePort?
Not on any reasonable log config as is (I didn't check unreasonable ones like the debug one).
Patch `rend_service_set_connection_addr_port()` in rendservice.c if you want this behavior. Note that it will already log connection attempts to unknown ports by default (to the `LD_REND` domain).
There's also an option (disabled by default) to tear down circuits that attempt to open streams to unknown ports, but that won't stop anyone moderately dedicated, just make things take more time.
All quite expected and well known ever since the dawn of overlay networks. Same with the Internet.
Also, wasn't there a change that made discovery impossible?
Prop 224 will fix it, but that hasn't been fully implemented yet. Using `stealth` HS auth in the meantime frustrates this.
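
An added example (not part of the original message and not tor's own code): a small parser that tallies stream attempts to unmapped ports per hidden service from the `LD_REND` log output mentioned above, and flags services probed on several distinct ports. The log message wording and line layout are assumptions, and the sample lines and service ids are constructed.

```python
import re
from collections import defaultdict

# Assumed message wording (not quoted on the page); adjust the pattern to
# whatever your tor build actually writes to the LD_REND domain.
UNKNOWN_PORT = re.compile(
    r"No virtual port mapping exists for port (?P<port>\d+) "
    r"on service (?P<service>[a-z2-7]+)"
)

# Constructed sample lines, not real log output.
SAMPLE_LOG = """\
Jul 07 07:29:04.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 22 on service aaaaaaaaaaaaaaaa
Jul 07 07:29:05.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 23 on service aaaaaaaaaaaaaaaa
Jul 07 07:29:06.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 8080 on service aaaaaaaaaaaaaaaa
Jul 07 07:29:07.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 22 on service aaaaaaaaaaaaaaaa
Jul 07 07:29:08.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 443 on service bbbbbbbbbbbbbbbb
Jul 07 07:29:10.000 [notice] Bootstrapped 100%: Done
"""


def unknown_port_attempts(lines):
    """Map service id -> {port: attempt count} for streams to unmapped ports."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = UNKNOWN_PORT.search(line)
        if m:
            hits[m["service"]][int(m["port"])] += 1
    return {svc: dict(ports) for svc, ports in hits.items()}


def scanned_services(attempts, min_distinct_ports=3):
    """Services probed on at least min_distinct_ports different unmapped ports."""
    return sorted(
        svc for svc, ports in attempts.items() if len(ports) >= min_distinct_ports
    )


if __name__ == "__main__":
    attempts = unknown_port_attempts(SAMPLE_LOG.splitlines())
    for svc, ports in attempts.items():
        print(svc, ports)
    print("scan-like:", scanned_services(attempts))
```
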