
Re: [tor-dev] automatically detect many new identical/similar bridges



nusenu transcribed 3.9K bytes:
> > Or, alternately, if they submit a bridge descriptor from an AS they
> > are watching, then they know all the bridges in that AS.
> > 
> > And they don't actually need to be in the AS to submit a descriptor
> > with an IP address from that AS.
> 
> Ok that makes it bad to a point where it is pointless. I'm surprised
> that you can get bridge auth to distribute fake bridges for arbitrary
> IPs - I assume that is not actually the case.

Hi nusenu!

Right, these bridges do not actually get distributed.

The BridgeAuthority accepts the descriptor, and, assuming it can't open a
connection to the bridge on the IP:port within the signed bridge descriptor,
it doesn't mark the bridge with the "Running" flag.  Later, BridgeDB receives
a tarball of all the new descriptors from the BridgeAuthority, and BridgeDB
chucks out the bridges without the Running flag (i.e. they don't get added to
the hashring). [0]

[0]: https://gitweb.torproject.org/user/isis/bridgedb.git/tree/bridgedb/Bridges.py?id=78e352ec18bc55bbb519747a1b1d9e909e3640d7#n453

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
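
An added illustration of the filtering step described in the message above (not part of the original e-mail and not BridgeDB's own code). It assumes networkstatus-style entries made of an `r` line followed by an `s` line of flags; the sample entries are constructed, using documentation-range addresses, and the names `parse_entries` and `distributable` are hypothetical.

```python
# Added example: a simplified filter, not BridgeDB's implementation.
# Assumption: each bridge is an "r" line, optionally followed by an "s" flag line.

# Constructed sample input (placeholder identities, documentation-range IPs).
SAMPLE_NETWORKSTATUS = """\
r BridgeA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2000-01-01 10:00:00 192.0.2.10 9001 0
s Fast Running Stable Valid
r BridgeB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2000-01-01 10:05:00 198.51.100.7 443 0
s Valid
r BridgeC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2000-01-01 10:07:00 203.0.113.5 443 0
"""


def parse_entries(text):
    """Return one dict per "r" line, with the flags from its following "s" line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            # r nickname identity digest date time address ORPort DirPort
            if len(fields) != 9:
                raise ValueError("malformed r line: %r" % line)
            entries.append({
                "nickname": fields[1],
                "identity": fields[2],
                "address": fields[6],
                "or_port": int(fields[7]),
                "flags": set(),  # stays empty if no "s" line follows
            })
        elif fields[0] == "s" and entries:
            entries[-1]["flags"] = set(fields[1:])
    return entries


def distributable(entries):
    """Keep only bridges the authority could reach, i.e. those flagged Running."""
    return [e for e in entries if "Running" in e["flags"]]


if __name__ == "__main__":
    for bridge in distributable(parse_entries(SAMPLE_NETWORKSTATUS)):
        print(bridge["nickname"], bridge["address"], bridge["or_port"])
```

BridgeB (accepted but not reachable) and BridgeC (no flag line at all) are both dropped, so a descriptor carrying an address the submitter does not control never becomes a candidate for distribution.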

