Quoting Gary C. New via tor-relays (2022-12-10 04:20:48)
>> What is the status of Bug #7349 - Obfsbridges should be able to "disable"
>> their ORPort?
>> I recently setup a loadbalanced OBFS4 bridge and would prefer not to expose the ORPort to the World.
>> I've noticed that some of the tasks to make this possible have been implemented, but it isn't clear whether everything needed is in place as I receive a bridge/relay down status on metrics.torproject.org when the ORPort isn't exposed to the World.
> We do still need the ORPort reachable. The bridge authority does use that port
> to check if the bridge is running (marking the 'running' flag to it). We are
> still using that flag to decide what bridges are distributed, we'll like to
> revisit that in the future. But for now, please expose the ORPort to the world.
meskio,
Presently, it sounds like security through obscurity (hide the Tor listener on a publicly-facing port, not within nmap's default top-1000 most scanned ports, and among a number of publicly-facing, non-Tor ports with a touch of Snort or Suricata IPS is the best solution for now)?
Hopefully, it won't take another 10 years to implement this security request and improve Tor Bridge survival rates.
I appreciate the status update of Bug #7349.
BTW... My bridge has been running for about a week. I am able to successfully connect to it manually. When should I expect to see stats for my bridge? Currently, I continue to receive the message "no resources for the given id."
Thank you for your assistance.
Respectfully,
Gary
—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)