[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)

On Wed, May 20, 2015 at 06:48:52PM +0300, s7r wrote:
> Speaking of, it's a long time I have been asking myself this, why does
> a bridge with PT need a publicly open ORPort?
> I understand it for a regular bridge, no PT, but when I use PTs why
> should I also open the ORPort publicly? I understand the PT needs to
> talk to Tor via its ORPort, but can't we make this happen on
> Right now if a 'watcher' sees obfs4proxy traffic and can't
> tell what it is, just does a full port scan on the destination and
> sees an ORPort open.


This is

You might also enjoy the other tickets linked from

> > If the hostile relay has no Guard flag, it shouldn't receive
> > direct connections from clients.  If it does have the Guard flag,
> > it could port scan the previous hop to see if it has an open (OR)
> > port.

For more bridge discovery attacks, a good first reading material is


tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to