<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><div><br></div></div><div>On 27 Nov 2014, at 13:30, George Rosamond <<a href="mailto:george@ceetonetechnology.com">george@ceetonetechnology.com</a>> wrote:<br><br></div><blockquote type="cite"><div><span>teor:</span><br><blockquote type="cite"><blockquote type="cite"><span>1.  blocking what shouldn't be listening, assuming "block" is high up in</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>your ruleset.  I have a box that localhost was at 127.0.0... other than</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>.1.  Therefore, a hidden service wasn't hidden.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>George,</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Is this a bug in tor where it only considers 127.0.0.1 local?</span><br></blockquote><blockquote type="cite"><span>Or a configuration bug in the hidden service torrc?</span><br></blockquote><blockquote type="cite"><span>Or something else?</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span></span><br><span>Good question.</span><br><span></span><br><span>If a web server is configured to listen on localhost, and the torrc sets</span><br><span>localhost for listening for hidden traffic, then it shouldn't.  But if</span><br><span>you set 127.0.0.1 (instead of localhost) and that's not the localhost</span><br><span>address, then the problem arose.</span><br><span></span><br><span>I'd have to test it again, but in that case it was a FreeBSD jail.</span><br><span></span><br><span>But very likely it would make more sense to set your www config file and</span><br><span>the torrc to listen on localhost.</span><br><span></span><br><span>As I write... it does start sounding like a bug...</span><br><span></span><br><span>g</span><br><span></span><br></div></blockquote><br><div>If you can track down the specific circumstances which expose a hidden service (Is that the core issue? Or was it just disabled?), I would be happy to log a bug against tor, and chase down the offending line of code.</div><div><br></div><div>But if it's a misconfiguration that could happen to any proxy, there's not much tor can do.</div><div><br></div><div>In the small amounts of tor code I've read, 127./8 is considered local.<br><br><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 0);">teor<br>pgp 0xABFED1AC<br><a href="hkp://pgp.mit.edu/">hkp://pgp.mit.edu/</a></span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><font color="#000000"><span style="background-color: rgba(255, 255, 255, 0);"><a href="https://gist.github.com/teor2345/d033b8ce0a99adbc89c5">https://gist.github.com/teor2345/d033b8ce0a99adbc89c5</a><br><a href="http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7wtmU66Mx" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="2">http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7wtmU66Mx</a></span></font></div></div></body></html>