
Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)



On Wed, May 20, 2015 at 06:48:52PM +0300, s7r wrote:
> Speaking of, it's a long time I have been asking myself this, why does
> a bridge with PT need a publicly open ORPort?
> 
> I understand it for a regular bridge, no PT, but when I use PTs why
> should I also open the ORPort publicly? I understand the PT needs to
> talk to Tor via its ORPort, but can't we make this happen on
> 127.0.0.1? Right now if a 'watcher' sees obfs4proxy traffic and can't
> tell what it is, just does a full port scan on the destination and
> sees an ORPort open.

Correct.

This is
https://trac.torproject.org/projects/tor/ticket/7349

You might also enjoy the other tickets linked from
https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/PluggableTransports

> > If the hostile relay has no Guard flag, it shouldn't receive
> > direct connections from clients.  If it does have the Guard flag,
> > it could port scan the previous hop to see if it has an open (OR)
> > port.

For more bridge discovery attacks, a good first reading material is
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges

--Roger
