[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)



On Wed, May 20, 2015 at 06:48:52PM +0300, s7r wrote:
> Speaking of, it's a long time I have been asking myself this, why does
> a bridge with PT need a publicly open ORPort?
> 
> I understand it for a regular bridge, no PT, but when I use PTs why
> should I also open the ORPort publicly? I understand the PT needs to
> talk to Tor via its ORPort, but can't we make this happen on
> 127.0.0.1? Right now if a 'watcher' sees obfs4proxy traffic and can't
> tell what it is, just does a full port scan on the destination and
> sees an ORPort open.

Correct.

This is
https://trac.torproject.org/projects/tor/ticket/7349

You might also enjoy the other tickets linked from
https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/PluggableTransports

> > If the hostile relay has no Guard flag, it shouldn't receive
> > direct connections from clients.  If it does have the Guard flag,
> > it could port scan the previous hop to see if it has an open (OR)
> > port.

For more bridge discovery attacks, a good first reading material is
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk