[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
From: Matthew Finkel <matthew.finkel@xxxxxxxxx>
Date: Mon, 30 Apr 2018 13:57:15 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 Apr 2018 09:57:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:date:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=EnwBKGRlZhGcvI/s2ch9gnL0Sb40LT+04kvWUuklR/I=; b=farwYNomcyd2cRsee2wwCBAXBJzmhf3nH5l5kwO/cI4v19xqFvEzUuh6UVmK0wQnmP MtpuGslOYeurro0pxdFbqcXeWlZintd+oAhpYLktVjb9Equrran1EQMDGKKxznmcR2XW pMTuhvkoF9Matll2HOUzG84Wlzn/x2Zb3RvnBMxmqxiJpV8ytPoPqs2jmZlZA2WXa4PN 2SljDZHocuaDx7FyTwfAE04yuHg5LhiU03YIFLw5aq8W9CjaspSuaxyy/NS7VfPScyEc SKElQQWeBbIb1iaQX8SG7BC2xSvcympDCzLWuAY+xi6YLz3VDzlzcUmnoJ9+6SOit6ve ko6w==
In-reply-to: <8e873206-82b5-310c-2367-a7f474faadc5@lunorian.is>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <7f58c879-bddc-1e33-e86b-4edde85bbeef@lunorian.is> <20180429183610.s62ipgzr4ug5s2ie@localhost> <8e873206-82b5-310c-2367-a7f474faadc5@lunorian.is>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Apr 29, 2018 at 03:41:47PM -0400, Nathaniel Suchy (Lunorian) wrote:
> Thank you for clarifying that. The obfs4 bridges you can get at
> bridges.torproject.org also pose an interesting risk, the ports each
> Bridge IP Address is using seem to be non-standard, I'm in the US and
> most networks I am at do not censor although sometimes certain ports at
> public wifi networks are blocked, could a threat actor threatening you
> or tor users in general realize an IP Address was a Tor Bridge by
> identifying a large amount of traffic to a non-standard port on random
> datacenter IP Addresses?

Yes, it is possible. There's nothing magical about how Tor sends the
traffic and none of the currently-deployed pluggable transports
significantly modify a users traffic pattern. A network operator could
observe strange traffic from a client, where the destination is a rarely
used IP address and the port number is non-standard. This could be a Tor
connection or it could be a brand-new up-and-coming app which could
revolutionalize the world. What does the network operator do? Do they
block the traffic because it *could* be a connection into the Tor
network?

Of course, there is the next step the network operator could take -
active probing. If they suspect a connection is into a Tor bridge, then
they can try connecting to it, and if it responds like a Tor relay then
they can classify it as "Tor". The obfs4 pluggable transport includes
active probing protection where the client must have the bridge's
non-public second identity key as requirement for establishing a
connection with the bridge. If the client does not have this identity
key, then the initial obfs4 connection will fail and the server will
not leak the fact there is a Tor bridge underneath it.

> 
> You can tell Tor Browser your Firewall only allows connections to
> certain ports which I assume when used with bridges would help further
> hide the fact you are using Tor.

Not necessarily. That option only tells Tor "don't choose a relay as my
first-hop (guard/entry relay) if I know it will be blocked". This simply
avoids choosing a relay listening on port 9999 when we already know the
network firewall only allows ports 443 and 80.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Nathaniel Suchy (Lunorian)
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Matthew Finkel
- Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
  - From: Nathaniel Suchy (Lunorian)

Prev by Author: Re: [tor-talk] Structured Information on Tor
Next by Author: Re: [tor-talk] Fingerprinting issue in Tor Browser for macOS
Previous by thread: Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?
Next by thread: [tor-talk] Fingerprinting issue in Tor Browser for macOS
Index(es):
- Author
- Thread