If the machine has no public services running, would that attack still work? What if it's behind NAT or a hw firewall with ssh exposed only via port knocking?
It needs to be connectible over IP (and TCP, I think?) for it to talk to Tor, which is necessary for running a hidden service. You could imagine an anonymizing network where that is not necessary, I guess, by having the service connect to some other internal node over NAT. (Although then you could just Sybil attack with a bunch of nodes and wait for the target to connect to you.)