[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #6874 [Ooni]: Bridge Testing: Indirect Scans



#6874: Bridge Testing: Indirect Scans
---------------------------------+------------------------------------------
 Reporter:  isis                 |          Owner:  isis               
     Type:  task                 |         Status:  new                
 Priority:  normal               |      Milestone:  Deliverable-Nov2011
Component:  Ooni                 |        Version:                     
 Keywords:  bridge reachability  |         Parent:  #6414              
   Points:                       |   Actualpoints:                     
---------------------------------+------------------------------------------
 These need to be further researched and tested. There may also be new
 methods discovered as time goes on, since some of these methods are pretty
 obscure.

 Summary from [#6414 the parent ticket]:

  1. "Nmap stealth scan" style indirect scan: Send a TCP SYN with a forged
 IP address header to the bridge, the IP should should actually point to
 some in-country publicly observable service with sequential or otherwise
 predictable fields.
  2. Use any website which allows free content upload to give the bridge
 address as "content" and wait to see if the page times out. This is
 basically a variant of the vanilla TLS handshake test; however, a downside
 is that contact with the bridge is measured from wherever the localized
 server for the content upload site is and may not be in-country.
  3. Use FTP proxies or some similar weird bounce mechanism in-country to
 obfuscate the purpose of the connection.
  4. Use the canary to force probes to check for us, without the probes
 actually checking. I'm just going to start calling this idea "quis-
 custodiet-ipsos-custodes-now-f******?!?!?!"
  5. There were other ideas which were as entertaining as they were
 ridiculous, and there are probably a lot that I haven't thought of yet.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6874>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs