[tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts
#31103: Support ORPort picking a random port that persists across restarts
------------------------------+--------------------
Reporter: phw | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: 0.5 | Reviewer:
Sponsor: |
------------------------------+--------------------
A bridge's transport port and OR port are semi-secret. We don't want a
bridge to listen on port 9001 because it would facilitate Internet-wide
scanning: a censor could scan the entire IPv4 address space for port 9001
and block all bridges they discover this way. We therefore encourage
operators to not set `ServerTransportListenAddr`, which makes Tor pick a
random port and write it to its state file, so it persists across
restarts. Bridge operators can then whitelist this port in their firewall
configuration.

Bridge operators may welcome a similar option for `ORPort`. However, when
setting `ORPort` to auto, Tor attempts to find a new port each time it
starts. This means that operators would have to re-configure their
firewalls after each restart.

In the short term, we should instruct operators to pick their own ports
and explicitly set them for both `ORPort` and `ServerTransportListenAddr`
but in the long term we may want `ORPort` to be able to pick a random port
and save it to Tor's state file.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31103>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
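
One way an operator could follow the short-term advice in the ticket above, as an added example that is not part of the original ticket and not Tor's own code: the script picks a random port once, saves it to a file, and prints explicit `ORPort` and `ServerTransportListenAddr` lines that stay the same across restarts. The function names, the file names, the `obfs4` transport name and the `0.0.0.0` bind address are assumptions.

```shell
#!/bin/sh
# Added example (not Tor code): choose a random port once, reuse it afterwards.

# pick_port: print a random port in 1024..65535, never the well-known 9001.
pick_port() {
    while :; do
        # Two bytes from /dev/urandom as one unsigned integer (0..65535).
        n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
        if [ "$n" -ge 1024 ] && [ "$n" -ne 9001 ]; then
            echo "$n"; return 0
        fi
    done
}

# persistent_port FILE: print the port saved in FILE; pick and save one if
# FILE is missing or does not hold a valid port number.
persistent_port() {
    file=$1; port=
    [ -r "$file" ] && port=$(cat "$file")
    case $port in ''|*[!0-9]*) port= ;; esac
    if [ -z "$port" ] || [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        port=$(pick_port)
        (umask 077; echo "$port" > "$file")   # the port is semi-secret
    fi
    echo "$port"
}

# torrc_lines DIR: print explicit port settings backed by files in DIR.
# "obfs4" and 0.0.0.0 are assumed values; use your own transport and address.
torrc_lines() {
    dir=$1
    or_port=$(persistent_port "$dir/orport")
    pt_port=$(persistent_port "$dir/ptport")
    while [ "$pt_port" = "$or_port" ]; do    # the two listeners need distinct ports
        rm -f "$dir/ptport"
        pt_port=$(persistent_port "$dir/ptport")
    done
    echo "ORPort $or_port"
    echo "ServerTransportListenAddr obfs4 0.0.0.0:$pt_port"
}

# Usage: sh thisfile /var/lib/tor-ports   (hypothetical directory)
if [ $# -gt 0 ]; then torrc_lines "$1"; fi
```

The two printed lines go into torrc, and the same two ports are the ones to allow in the firewall.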